Vulnerability Details : CVE-2023-35835
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The WiFi network serves a web-based configuration utility, as well as an unauthenticated ModBus protocol interface.
Products affected by CVE-2023-35835
- Solax » Pocket Wifi 3 FirmwareVersions from including (>=) 3.0.0 and up to, including, (<=) 3.009.03_20230504cpe:2.3:o:solax:pocket_wifi_3_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-35835
0.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 46 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-35835
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | 2024-02-06 |
References for CVE-2023-35835
-
https://yougottahackthat.com/blog/
You Gotta Hack That | Penetration Testing ConsultancyThird Party Advisory
-
https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/
News - SolaX PowerNot Applicable
-
https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication
You Gotta Hack That | Penetration Testing ConsultancyThird Party Advisory
-
https://www.solaxpower.com/downloads/
Downloads - SolaX PowerNot Applicable
Jump to