Security Advisory

CVE-2025-15574

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-12 10:58:29

Last updated 2026-02-12 15:15:45

Assigner SEC-VLab

State PUBLISHED

Description

When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm. Attackers with the knowledge of the registration numbers can connect to the MQTT server and impersonate the dongle / inverters.

← Browse all CVEs View on cve.org ↗