CVE-2023-35835

Name of the Vulnerable Software and Affected Versions SolaX Pocket WiFi versions 3 through 3.001.02

Description An issue was discovered where the device provides a WiFi access point with no network authentication, such as an encryption key, and this network persists permanently. The WiFi network serves a web-based configuration utility and an unauthenticated ModBus protocol interface.

Recommendations For SolaX Pocket WiFi versions 3 through 3.001.02, consider disabling the WiFi access point after initial configuration to minimize the risk of exploitation. Restrict access to the ModBus protocol interface to prevent unauthorized access. As a temporary workaround, limit the use of the web-based configuration utility until a more secure configuration can be implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.