CVE-2025-15574
Authentication Bypass in SolaX MQTT Server Enables Device Impersonation
Publication date: 2026-02-12
Last updated on: 2026-02-12
Assigner: SEC Consult Vulnerability Lab
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| solax | power_pocket | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-330 | The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Solax Cloud MQTT server authentication process. The username used to connect is the device's registration number, a 10-character string found on the SolaX Power Pocket device or its QR code. The password is generated from this registration number using a proprietary XOR/transposition algorithm. Because the registration number is exposed on the device, attackers who know these numbers can connect to the MQTT server and impersonate the device, such as the dongle or inverters.
How can this vulnerability impact me? :
An attacker who knows the registration number can connect to the Solax Cloud MQTT server and impersonate legitimate devices like dongles or inverters. This could allow unauthorized access to device communications, potentially leading to manipulation or interception of data, disruption of device operations, or unauthorized control over the devices.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know