CVE-2025-15575

Published: Feb 12, 2026

Modified: Feb 12, 2026

PUBLISHED

Description

The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks (e.g. digital signature checks) on the supplied firmware update files. Furthermore, ESP32 security features such as secure boot are not used.

Vendor	Product	Versions
SolaX Power	Pocket WiFi 3.0	affected `<3.022.03`
SolaX Power	Pocket WiFi+LAN	affected `<1.009.02`
SolaX Power	Pocket WiFi+4GM	affected `<1.005.05`
SolaX Power	Pocket WiFi+LAN 2.0	affected `<006.06`
SolaX Power	Pocket WiFi 4.0	affected `<003.03`

Weaknesses (CWE)

CWE-494

References

https://r.sec-consult.com/solax

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-15575

Description

Affected Products

Weaknesses (CWE)

References