CVE-2025-15573
Awaiting Analysis Awaiting Analysis - Queue
MQTT Server Certificate Validation Bypass in SolaX Devices Enables Command Injection

Publication date: 2026-02-12

Last updated on: 2026-02-12

Assigner: SEC Consult Vulnerability Lab

Description
The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-12
Last Modified
2026-02-12
Generated
2026-06-16
AI Q&A
2026-02-12
EPSS Evaluated
2026-06-14
NVD
CVE-2025-15573
EUVD
EUVD-2025-207398
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
solax power_pocket_wifi 618.00415.00_pocket_wifi_v3.015.02_20240122
solax power_pocket_wifi 3.0
solax power_pocket_wifi +lan
solax power_pocket_wifi +4gm
solax power_pocket_wifi +lan_2.0
solax power_pocket_wifi 4.0
solax inverter_wifi_lan_lte_dongles *
solax adapter_box *
solax ev_charger *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2025-15573 is a security vulnerability affecting various Solax Power Pocket WiFi models and related devices. The issue arises because these devices do not validate the server's TLS certificate when connecting to the SolaX Cloud MQTT server (mqtt001.solaxcloud.com on TCP port 8883)."}, {'type': 'paragraph', 'content': 'This lack of certificate validation allows attackers positioned as man-in-the-middle (MITM) to impersonate the legitimate MQTT server and send arbitrary commands to the affected devices.'}, {'type': 'paragraph', 'content': 'Such attacks can be executed on a large scale using techniques like BGP hijacking or DNS spoofing, enabling attackers to intercept and manipulate MQTT traffic between devices and the cloud server.'}] [1]

Impact Analysis

This vulnerability can have severe impacts including disruption of electric grid operations by repeatedly starting or stopping inverters.

Attackers can issue unauthorized commands to devices, potentially causing physical damage by disabling safety checks or creating harmful operational conditions.

Additionally, attackers may flash malicious firmware due to related vulnerabilities, gaining local network access and further compromising device integrity.

There is no known workaround, so immediate installation of vendor patches is strongly recommended to mitigate these risks.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by intercepting and analyzing the MQTT traffic between the affected device and the SolaX Cloud MQTT server (mqtt001.solaxcloud.com) on TCP port 8883. Proof-of-concept commands include using iptables and mitmproxy to intercept and manipulate MQTT traffic, which can reveal the lack of server certificate validation.

  • Use iptables rules to redirect MQTT traffic for interception.
  • Use mitmproxy to capture and analyze the MQTT TLS traffic on port 8883.
Mitigation Strategies

There is no workaround available for this vulnerability. The immediate step to mitigate the risk is to install the vendor-provided patches as soon as possible. Updated firmware versions have been released by the vendor and are available via the Solax Cloud account and the firmware upgrade function.

  • Immediately update the affected devices to the latest patched firmware provided by Solax.
  • Perform a comprehensive security review of the affected products to identify and address further issues.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15573. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart