Overview
- Description
- An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The WiFi network serves a web-based configuration utility, as well as an unauthenticated ModBus protocol interface.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solax:pocket_wifi_3_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FAA04768-4E31-414A-A19C-855B1E1D8CCE",
"versionEndIncluding": "3.009.03_20230504",
"versionStartIncluding": "3.0.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solax:pocket_wifi_3:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "112442CA-E44E-4C2B-95C3-9162E56B9F16"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]