CVE-2025-15573

Published: Feb 12, 2026

Modified: Feb 12, 2026

PUBLISHED

Description

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.

Vendor	Product	Versions
SolaX Power	Pocket WiFi 3.0	affected `<3.022.03`
SolaX Power	Pocket WiFi+LAN	affected `<1.009.02`
SolaX Power	Pocket WiFi+4GM	affected `<1.005.05`
SolaX Power	Pocket WiFi+LAN 2.0	affected `<006.06`
SolaX Power	Pocket WiFi 4.0	affected `<003.03`

Weaknesses (CWE)

CWE-295

References

https://r.sec-consult.com/solax

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-15573

Description

Affected Products

Weaknesses (CWE)

References