PT-2026-7836 · Solax Power · Solax Cloud Mqtt Server
Published: 2026-02-12 · Updated: 2026-03-20
CVE-2025-15574
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Solax Power Pocket WiFi models (affected versions not specified)
Description
The username for connecting to the Solax Cloud MQTT server is the “registration number,” a 10-character string found on the SolaX Power Pocket device or its QR code. The password is generated from the same “registration number” using a proprietary XOR/transposition algorithm. Anyone with access to these registration numbers can connect to the MQTT server and potentially impersonate the dongle or inverters. The API endpoint used for connection is the Solax Cloud MQTT server. The vulnerable parameter is the registration number.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Use of Insufficiently Random Values
Related Identifiers
Affected Products
Solax Cloud Mqtt Server
Solax Power Pocket Wifi