CNNVD-202602-2136 Information

CNNVD ID

CNNVD-202602-2136

Related CVE

CVE-2025-15574

• CNNVD Published: 2026-02-12

Description (Chinese)

SolaX Power Pocket是中国艾罗能源（SolaX）公司的一个监控数据采集工具。 SolaX Power Pocket存在安全漏洞，该漏洞源于连接至Solax Cloud MQTT服务器时，密码由注册号通过专有XOR/转置算法派生，可能导致知晓注册号的攻击者连接到MQTT服务器并冒充设备。

Description (English)

SolaX Power Pocket is a monitoring data-collection tool for SolaX. SolaX Power Pocket has a security loophole, which arises when connected to the Solar Cloud MQTT server, and the password is derived from the registration number through a unique XOR/replacement algorithm, which may lead to the attackor who knows the registration number connecting to the MQTT server and impersonating the equipment.

Vulnerability Type

其他

Affected Vendor

艾罗能源

Published

2026-02-12

Last Modified

2026-02-24

References

https://r.sec-consult.com/solax https://access.redhat.com/security/cve/cve-2025-15574