Insecure Credential Generation for Solax Power Pocket WiFi models MQTT Cloud Connection

When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm. Attackers with the knowledge of the registration numbers can connect to the MQTT server and impersonate the dongle / inverters.

N/A

使用不充分的随机数

SolaX Power Pocket 安全漏洞

SolaX Power Pocket是中国艾罗能源（SolaX）公司的一个监控数据采集工具。 SolaX Power Pocket存在安全漏洞，该漏洞源于连接至Solax Cloud MQTT服务器时，密码由注册号通过专有XOR/转置算法派生，可能导致知晓注册号的攻击者连接到MQTT服务器并冒充设备。

N/A

N/A