Missing Firmware Authenticity Checks in Solax Power Pocket WiFi models

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks (e.g. digital signature checks) on the supplied firmware update files. Furthermore, ESP32 security features such as secure boot are not used.

Basic Information

ID CVE-2025-15575

Source SEC-VLab

Published Feb 12, 2026 at 10:51

Modified Feb 12, 2026 at 15:13

Affected Product

Vendor SolaX Power

Product Pocket WiFi 3.0

Version <3.022.03

Affected Versions SolaX Power Pocket WiFi 3.0 <3.022.03
SolaX Power Pocket WiFi+LAN <1.009.02
SolaX Power Pocket WiFi+4GM <1.005.05
SolaX Power Pocket WiFi+LAN 2.0 <006.06
SolaX Power Pocket WiFi 4.0 <003.03

CWE Classification

CWE-494

References

r.sec-consult.com /solax

{
    "lastseen": "",
    "description": "The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device.\u00a0Initial analysis of the firmware update functionality does not show any cryptographic checks (e.g. digital signature checks) on the supplied firmware update files. Furthermore, ESP32 security features such as secure boot are not used.",
    "published": "2026-02-12T10:51:44.650Z",
    "modified": "2026-02-12T15:13:52.412Z",
    "type": "cve",
    "title": "Missing Firmware Authenticity Checks in Solax Power Pocket WiFi models",
    "source": "SEC-VLab",
    "references": "https://r.sec-consult.com/solax",
    "id": "CVE-2025-15575",
    "bulletinFamily": "",
    "cwe": [
        "CWE-494"
    ],
    "cvelist": null,
    "sourceData": "SolaX Power Pocket WiFi 3.0 <3.022.03\nSolaX Power Pocket WiFi+LAN <1.009.02\nSolaX Power Pocket WiFi+4GM <1.005.05\nSolaX Power Pocket WiFi+LAN 2.0 <006.06\nSolaX Power Pocket WiFi 4.0 <003.03",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Pocket WiFi 3.0",
    "version": "<3.022.03",
    "vendor": "SolaX Power",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Missing Firmware Authenticity Checks in Solax Power Pocket WiFi models_CVE-2025-15575