CVE-2023-35837

{"id": "CVE-2023-35837", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-01-23T23:15:08.050", "references": [{"url": "https://www.solaxpower.com/downloads/", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://yougottahackthat.com/blog/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as the WiFi SSID name. No routine is in place to force a change to this password on first use or bring its default state to the attention of the user. Once authenticated, an attacker can reconfigure the device or upload new firmware, both of which can lead to Denial of Service, code execution, or Escalation of Privileges."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en SolaX Pocket WiFi 3 hasta 3.001.02. La autenticaci\u00f3n para la interfaz web se completa a trav\u00e9s de un AP WiFi no autenticado. La contrase\u00f1a administrativa para la interfaz web tiene una contrase\u00f1a predeterminada, igual al ID de registro del dispositivo. Este mismo ID de registro se utiliza como nombre SSID de WiFi. No existe ninguna rutina para forzar un cambio en esta contrase\u00f1a en el primer uso o para informar al usuario sobre su estado predeterminado. Una vez autenticado, un atacante puede reconfigurar el dispositivo o cargar un nuevo firmware, lo cual puede provocar una denegaci\u00f3n de servicio, ejecuci\u00f3n de c\u00f3digo o escalada de privilegios."}], "lastModified": "2024-01-31T18:25:21.533", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:solax:pocket_wifi_3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAA04768-4E31-414A-A19C-855B1E1D8CCE", "versionEndIncluding": "3.009.03_20230504", "versionStartIncluding": "3.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:solax:pocket_wifi_3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "112442CA-E44E-4C2B-95C3-9162E56B9F16"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}