CVE-2023-35835 Information

Description

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently including after enrollment and setup is complete. The WiFi network serves a web-based configuration utility as well as an unauthenticated ModBus protocol interface.

Reference

https://yougottahackthat.com/blog/ https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/ https://www.solaxpower.com/downloads/ https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication