CVE-2023-35837 - Vulnerability Details - OpenCVE

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as the WiFi SSID name. No routine is in place to force a change to this password on first use or bring its default state to the attention of the user. Once authenticated, an attacker can reconfigure the device or upload new firmware, both of which can lead to Denial of Service, code execution, or Escalation of Privileges.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Solax	Pocket Wifi 3 Pocket Wifi 3 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:solax:pocket_wifi_3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:solax:pocket_wifi_3:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.solaxpower.com/downloads/
https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/
https://yougottahackthat.com/blog/
https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication

History

Mon, 16 Jun 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-01-23T00:00:00.000Z

Updated: 2025-06-16T19:52:03.608Z

Reserved: 2023-06-18T00:00:00.000Z

Link: CVE-2023-35837

Vulnrichment

Updated: 2024-08-02T16:30:45.372Z

NVD

Status : Modified

Published: 2024-01-23T23:15:08.050

Modified: 2025-06-16T20:15:24.593

Link: CVE-2023-35837

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-35837", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-06-16T19:52:03.608Z", "dateReserved": "2023-06-18T00:00:00.000Z", "datePublished": "2024-01-23T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-01-23T22:39:22.568Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as the WiFi SSID name. No routine is in place to force a change to this password on first use or bring its default state to the attention of the user. Once authenticated, an attacker can reconfigure the device or upload new firmware, both of which can lead to Denial of Service, code execution, or Escalation of Privileges."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://yougottahackthat.com/blog/"}, {"url": "https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/"}, {"url": "https://www.solaxpower.com/downloads/"}, {"url": "https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:30:45.372Z"}, "title": "CVE Program Container", "references": [{"url": "https://yougottahackthat.com/blog/", "tags": ["x_transferred"]}, {"url": "https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/", "tags": ["x_transferred"]}, {"url": "https://www.solaxpower.com/downloads/", "tags": ["x_transferred"]}, {"url": "https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-02-21T16:54:33.286543Z", "id": "CVE-2023-35837", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T19:52:03.608Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://yougottahackthat.com/blog/", "tags": ["x_transferred"]}, {"url": "https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/", "tags": ["x_transferred"]}, {"url": "https://www.solaxpower.com/downloads/", "tags": ["x_transferred"]}, {"url": "https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:30:45.372Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-35837", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-02-21T16:54:33.286543Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T19:51:57.950Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://yougottahackthat.com/blog/"}, {"url": "https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/"}, {"url": "https://www.solaxpower.com/downloads/"}, {"url": "https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as the WiFi SSID name. No routine is in place to force a change to this password on first use or bring its default state to the attention of the user. Once authenticated, an attacker can reconfigure the device or upload new firmware, both of which can lead to Denial of Service, code execution, or Escalation of Privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-01-23T22:39:22.568Z"}}}, "cveMetadata": {"cveId": "CVE-2023-35837", "state": "PUBLISHED", "dateUpdated": "2025-06-16T19:52:03.608Z", "dateReserved": "2023-06-18T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-01-23T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:solax:pocket_wifi_3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FAA04768-4E31-414A-A19C-855B1E1D8CCE", "versionEndIncluding": "3.009.03_20230504", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:solax:pocket_wifi_3:-:*:*:*:*:*:*:*", "matchCriteriaId": "112442CA-E44E-4C2B-95C3-9162E56B9F16", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as the WiFi SSID name. No routine is in place to force a change to this password on first use or bring its default state to the attention of the user. Once authenticated, an attacker can reconfigure the device or upload new firmware, both of which can lead to Denial of Service, code execution, or Escalation of Privileges."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en SolaX Pocket WiFi 3 hasta 3.001.02. La autenticaci\u00f3n para la interfaz web se completa a trav\u00e9s de un AP WiFi no autenticado. La contrase\u00f1a administrativa para la interfaz web tiene una contrase\u00f1a predeterminada, igual al ID de registro del dispositivo. Este mismo ID de registro se utiliza como nombre SSID de WiFi. No existe ninguna rutina para forzar un cambio en esta contrase\u00f1a en el primer uso o para informar al usuario sobre su estado predeterminado. Una vez autenticado, un atacante puede reconfigurar el dispositivo o cargar un nuevo firmware, lo cual puede provocar una denegaci\u00f3n de servicio, ejecuci\u00f3n de c\u00f3digo o escalada de privilegios."}], "id": "CVE-2023-35837", "lastModified": "2025-06-16T20:15:24.593", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-01-23T23:15:08.050", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://www.solaxpower.com/downloads/"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://yougottahackthat.com/blog/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://www.solaxpower.com/downloads/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://yougottahackthat.com/blog/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}