CVE-2025-15574
When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm. Attackers with the knowledge of the registration numbers can connect to the MQTT server and impersonate the dongle / inverters.
Vendor
-
Product
-
CWE
Yayın Tarihi
2026-02-12 11:15:49
Güncelleme
2026-02-12 16:16:02
Source Identifier
551230f0-3615-47bd-b7cc-93e92e730bbf
KEV Date Added
-