← back
CVE-2025-15574

Insecure Credential Generation for Solax Power Pocket WiFi models MQTT Cloud Connection

CVSS 6.5 MEDIUMEPSS 0.2%CWE-330
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Feb 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm. Attackers with the knowledge of the registration numbers can connect to the MQTT server and impersonate the dongle / inverters.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected products
SolaX Power · Pocket WiFi 3.0SolaX Power · Pocket WiFi 4.0SolaX Power · Pocket WiFi+4GMSolaX Power · Pocket WiFi+LANSolaX Power · Pocket WiFi+LAN 2.0

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://r.sec-consult.com/solax