{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15575", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "state": "PUBLISHED", "assignerShortName": "SEC-VLab", "dateReserved": "2026-02-09T09:43:52.314Z", "datePublished": "2026-02-12T10:51:44.650Z", "dateUpdated": "2026-02-12T15:13:52.412Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Pocket WiFi 3.0", "vendor": "SolaX Power", "versions": [{"status": "affected", "version": "<3.022.03"}]}, {"defaultStatus": "unaffected", "product": "Pocket WiFi+LAN", "vendor": "SolaX Power", "versions": [{"status": "affected", "version": "<1.009.02"}]}, {"defaultStatus": "unaffected", "product": "Pocket WiFi+4GM", "vendor": "SolaX Power", "versions": [{"status": "affected", "version": "<1.005.05"}]}, {"defaultStatus": "unaffected", "product": "Pocket WiFi+LAN 2.0", "vendor": "SolaX Power", "versions": [{"status": "affected", "version": "<006.06"}]}, {"defaultStatus": "unaffected", "product": "Pocket WiFi 4.0", "vendor": "SolaX Power", "versions": [{"status": "affected", "version": "<003.03"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Stefan Viehb\u00f6ck, SEC Consult Vulnerability Lab"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device.&nbsp;Initial analysis of the firmware update functionality does not show any cryptographic checks (e.g. digital signature checks) on the supplied firmware update files. Furthermore, ESP32 security features such as secure boot are not used.<br>"}], "value": "The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device.\u00a0Initial analysis of the firmware update functionality does not show any cryptographic checks (e.g. digital signature checks) on the supplied firmware update files. Furthermore, ESP32 security features such as secure boot are not used."}], "impacts": [{"capecId": "CAPEC-439", "descriptions": [{"lang": "en", "value": "CAPEC-439 Manipulation During Distribution"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-494", "description": "CWE-494 Download of Code Without Integrity Check", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2026-02-12T10:57:44.013Z"}, "references": [{"url": "https://r.sec-consult.com/solax"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The vendor provides patches for the affected Pocket models which can be obtained throw their customer's Solax Cloud account and using the Pocket firmware upgrade function there.<br><br>As of February 10, 2026, the firmware versions for each affected Pocket model are as follows according to the vendor:<br>1. Pocket WiFi 3.0 \u2013 (3.022.03)<br>2. Pocket WiFi+LAN \u2013 (1.009.02)<br>3. Pocket WiFi+4GM \u2013 (1.005.05)<br>4. Pocket WiFi+LAN 2.0 \u2013 (006.06)<br>5. Pocket WiFi 4.0 \u2013 (003.03)<br><br>The vendor provided the following further information regarding EV Charger and Adapter Box:<br>1. EV Charger: The WiFi module firmware supports digital signature, but only one-way authentication is implemented.<br>2. Adapter Box: The WiFi module firmware supports two-way authentication and digital signature.<br>"}], "value": "The vendor provides patches for the affected Pocket models which can be obtained throw their customer's Solax Cloud account and using the Pocket firmware upgrade function there.\n\nAs of February 10, 2026, the firmware versions for each affected Pocket model are as follows according to the vendor:\n1. Pocket WiFi 3.0 \u2013 (3.022.03)\n2. Pocket WiFi+LAN \u2013 (1.009.02)\n3. Pocket WiFi+4GM \u2013 (1.005.05)\n4. Pocket WiFi+LAN 2.0 \u2013 (006.06)\n5. Pocket WiFi 4.0 \u2013 (003.03)\n\nThe vendor provided the following further information regarding EV Charger and Adapter Box:\n1. EV Charger: The WiFi module firmware supports digital signature, but only one-way authentication is implemented.\n2. Adapter Box: The WiFi module firmware supports two-way authentication and digital signature."}], "source": {"discovery": "EXTERNAL"}, "title": "Missing Firmware Authenticity Checks in Solax Power Pocket WiFi models", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-02-12T15:13:42.470930Z", "id": "CVE-2025-15575", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-12T15:13:52.412Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-15575", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-12T15:13:42.470930Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-12T15:13:03.389Z"}}], "cna": {"title": "Missing Firmware Authenticity Checks in Solax Power Pocket WiFi models", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Stefan Viehb\u00f6ck, SEC Consult Vulnerability Lab"}], "impacts": [{"capecId": "CAPEC-439", "descriptions": [{"lang": "en", "value": "CAPEC-439 Manipulation During Distribution"}]}], "affected": [{"vendor": "SolaX Power", "product": "Pocket WiFi 3.0", "versions": [{"status": "affected", "version": "<3.022.03"}], "defaultStatus": "unaffected"}, {"vendor": "SolaX Power", "product": "Pocket WiFi+LAN", "versions": [{"status": "affected", "version": "<1.009.02"}], "defaultStatus": "unaffected"}, {"vendor": "SolaX Power", "product": "Pocket WiFi+4GM", "versions": [{"status": "affected", "version": "<1.005.05"}], "defaultStatus": "unaffected"}, {"vendor": "SolaX Power", "product": "Pocket WiFi+LAN 2.0", "versions": [{"status": "affected", "version": "<006.06"}], "defaultStatus": "unaffected"}, {"vendor": "SolaX Power", "product": "Pocket WiFi 4.0", "versions": [{"status": "affected", "version": "<003.03"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The vendor provides patches for the affected Pocket models which can be obtained throw their customer's Solax Cloud account and using the Pocket firmware upgrade function there.\n\nAs of February 10, 2026, the firmware versions for each affected Pocket model are as follows according to the vendor:\n1. Pocket WiFi 3.0 \u2013 (3.022.03)\n2. Pocket WiFi+LAN \u2013 (1.009.02)\n3. Pocket WiFi+4GM \u2013 (1.005.05)\n4. Pocket WiFi+LAN 2.0 \u2013 (006.06)\n5. Pocket WiFi 4.0 \u2013 (003.03)\n\nThe vendor provided the following further information regarding EV Charger and Adapter Box:\n1. EV Charger: The WiFi module firmware supports digital signature, but only one-way authentication is implemented.\n2. Adapter Box: The WiFi module firmware supports two-way authentication and digital signature.", "supportingMedia": [{"type": "text/html", "value": "The vendor provides patches for the affected Pocket models which can be obtained throw their customer's Solax Cloud account and using the Pocket firmware upgrade function there.<br><br>As of February 10, 2026, the firmware versions for each affected Pocket model are as follows according to the vendor:<br>1. Pocket WiFi 3.0 \u2013 (3.022.03)<br>2. Pocket WiFi+LAN \u2013 (1.009.02)<br>3. Pocket WiFi+4GM \u2013 (1.005.05)<br>4. Pocket WiFi+LAN 2.0 \u2013 (006.06)<br>5. Pocket WiFi 4.0 \u2013 (003.03)<br><br>The vendor provided the following further information regarding EV Charger and Adapter Box:<br>1. EV Charger: The WiFi module firmware supports digital signature, but only one-way authentication is implemented.<br>2. Adapter Box: The WiFi module firmware supports two-way authentication and digital signature.<br>", "base64": false}]}], "references": [{"url": "https://r.sec-consult.com/solax"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device.\u00a0Initial analysis of the firmware update functionality does not show any cryptographic checks (e.g. digital signature checks) on the supplied firmware update files. Furthermore, ESP32 security features such as secure boot are not used.", "supportingMedia": [{"type": "text/html", "value": "The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device.&nbsp;Initial analysis of the firmware update functionality does not show any cryptographic checks (e.g. digital signature checks) on the supplied firmware update files. Furthermore, ESP32 security features such as secure boot are not used.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-494", "description": "CWE-494 Download of Code Without Integrity Check"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2026-02-12T10:57:44.013Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15575", "state": "PUBLISHED", "dateUpdated": "2026-02-12T15:13:52.412Z", "dateReserved": "2026-02-09T09:43:52.314Z", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "datePublished": "2026-02-12T10:51:44.650Z", "assignerShortName": "SEC-VLab"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device.\u00a0Initial analysis of the firmware update functionality does not show any cryptographic checks (e.g. digital signature checks) on the supplied firmware update files. Furthermore, ESP32 security features such as secure boot are not used."}], "id": "CVE-2025-15575", "lastModified": "2026-02-12T16:16:03.120", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-12T11:15:49.233", "references": [{"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "url": "https://r.sec-consult.com/solax"}], "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-494"}], "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "type": "Secondary"}]}

{}

{"created": "2026-02-12T12:22:38.000881+00:00", "updated": "2026-02-12T12:22:38.000985+00:00", "vendors": ["solax", "solax$PRODUCT$pocket_wifi_3", "solax_power", "solax_power$PRODUCT$pocket_wifi+4gm", "solax_power$PRODUCT$pocket_wifi+lan", "solax_power$PRODUCT$pocket_wifi+lan_2.0", "solax_power$PRODUCT$pocket_wifi_4.0"]}