CVE-2025-15575

Name of the Vulnerable Software and Affected Versions Solax Power Pocket WiFi (affected versions not specified)

Description The firmware update functionality lacks verification of the authenticity of supplied firmware update files. This allows attackers to flash malicious firmware updates onto the device. Initial analysis reveals the absence of cryptographic checks, such as digital signature checks, on the provided firmware update files. Additionally, ESP32 security features like secure boot are not utilized.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.