CVE-2025-15575

CVE-2025-15575: Missing Firmware Authenticity Checks in Solax Power Pocket WiFi models

Vendor Solax Power
Product Pocket WiFi 3.0
Weakness CWE-494 · Download without integrity check
Published February 12, 2026
Last update February 12, 2026

CVSS base score

What the vulnerability does

01Description

The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks (e.g. digital signature checks) on the supplied firmware update files. Furthermore, ESP32 security features such as secure boot are not used.

Key dates

02Disclosure timeline

February 12, 2026 CVE published
February 12, 2026 Record updated