Firmware Update Vulnerability in Solax Devices
CVE-2025-15575

5.3MEDIUM

Key Information:

Vendor: Solax Power
Status: Pocket Wifi 3.0; Pocket Wifi+lan; Pocket Wifi+4gm; Pocket Wifi+lan 2.0
Vendor: CVE Published:; 12 February 2026

🔔 Create Solax Power Vulnerability Alert

What is CVE-2025-15575?

The firmware update feature in Solax devices lacks verification mechanisms, allowing unauthorized firmware files to be installed. This absence of checks, such as digital signature verification, compromises device integrity and security. Additionally, the ESP32's built-in security features, including secure boot, are not being utilized, further increasing the risk of malicious firmware uploads, which can lead to unauthorized control of affected devices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Pocket WiFi 3.0 <3.022.03

Pocket WiFi 4.0 <003.03

Pocket WiFi+4GM <1.005.05

References

https://r.sec-consult.com/solax

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2026
Vulnerability Reserved
Feb 9, 2026

Credit

Stefan Viehböck, SEC Consult Vulnerability Lab

JSON

Solax Power

What is CVE-2025-15575?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.