Firmware Update Vulnerability in Solax Devices
CVE-2025-15575

5.3MEDIUM

Key Information:

Vendor: Solax Power
Status: Pocket Wifi 3.0; Pocket Wifi+lan; Pocket Wifi+4gm; Pocket Wifi+lan 2.0
Vendor: CVE Published:; 12 February 2026

🔔 Create Solax Power Vulnerability Alert

What is CVE-2025-15575?

The firmware update feature in Solax devices lacks verification mechanisms, allowing unauthorized firmware files to be installed. This absence of checks, such as digital signature verification, compromises device integrity and security. Additionally, the ESP32's built-in security features, including secure boot, are not being utilized, further increasing the risk of malicious firmware uploads, which can lead to unauthorized control of affected devices.

Affected Version(s)

Pocket WiFi 3.0 <3.022.03

Pocket WiFi 4.0 <003.03

Pocket WiFi+4GM <1.005.05

References

https://r.sec-consult.com/solax

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2026
Vulnerability Reserved
Feb 9, 2026

Credit

Stefan Viehböck, SEC Consult Vulnerability Lab

CVE-2025-15575 Data

JSON