CNNVD-202602-2137 Information

CNNVD ID

CNNVD-202602-2137

Related CVE

CVE-2025-15573

• CNNVD Published: 2026-02-12

Description (Chinese)

SolaX Power Pocket是中国艾罗能源（SolaX）公司的一个监控数据采集工具。 SolaX Power Pocket存在安全漏洞，该漏洞源于连接至SolaX Cloud MQTTS服务器时未验证服务器证书，可能导致中间人攻击者充当合法MQTT服务器并向设备发送任意命令。

Description (English)

SolaX Power Pocket is a monitoring data-collection tool for SolaX. SolaX Power Pocket has a security loophole, which stems from the failure to validate the server certificate when connected to the SolaX Cloud MQTTS server, which could lead the middlemen to act as a legitimate MQTT server and to issue arbitrary orders to the equipment.

Vulnerability Type

其他

Affected Vendor

艾罗能源

Published

2026-02-12

Last Modified

2026-02-24

References

https://r.sec-consult.com/solax https://access.redhat.com/security/cve/cve-2025-15573