CVE-2025-15574

Published: Feb 12, 2026

Modified: Feb 12, 2026

PUBLISHED

Description

When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm. Attackers with the knowledge of the registration numbers can connect to the MQTT server and impersonate the dongle / inverters.

Vendor	Product	Versions
SolaX Power	Pocket WiFi 3.0	affected `<3.022.03`
SolaX Power	Pocket WiFi+LAN	affected `<1.009.02`
SolaX Power	Pocket WiFi+4GM	affected `<1.005.05`
SolaX Power	Pocket WiFi+LAN 2.0	affected `<006.06`
SolaX Power	Pocket WiFi 4.0	affected `<003.03`

Weaknesses (CWE)

CWE-330

References

https://r.sec-consult.com/solax

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-15574

Description

Affected Products

Weaknesses (CWE)

References