Missing Certificate Validation for Solax Power Pocket WiFi models MQTT Cloud Connection

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.

N/A

证书验证不恰当

SolaX Power Pocket 安全漏洞

SolaX Power Pocket是中国艾罗能源（SolaX）公司的一个监控数据采集工具。 SolaX Power Pocket存在安全漏洞，该漏洞源于连接至SolaX Cloud MQTTS服务器时未验证服务器证书，可能导致中间人攻击者充当合法MQTT服务器并向设备发送任意命令。

N/A

N/A