Vulnerability Details CVE-2023-35836
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.2%
CVSS Severity
CVSS v3 Score 6.5
References
- https://www.solaxpower.com/downloads/
- https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/
- https://yougottahackthat.com/blog/
- https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication
- https://www.solaxpower.com/downloads/
- https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/
- https://yougottahackthat.com/blog/
- https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication
Products affected by CVE-2023-35836
-
cpe:2.3:h:solax:pocket_wifi_3:-
-
cpe:2.3:o:solax:pocket_wifi_3_firmware:3.0.0
-
cpe:2.3:o:solax:pocket_wifi_3_firmware:3.009.03_20230504