SolaX Power Pocket WiFi Missing Certificate Validation Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

A vulnerability exists in various SolaX Power Pocket WiFi models due to the devices' failure to validate server certificates when connecting to the SolaX Cloud MQTTS server on Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This oversight enables attackers in a man-in-the-middle position to impersonate the legitimate MQTT server and send arbitrary commands to the devices. The vulnerability could be exploited by intercepting the communication between the device and the cloud server, potentially leading to unauthorized control over connected inverters and energy systems.

Impact

Exploitation of this vulnerability could disrupt the electric grid by manipulating inverter operations, compromise local networks by flashing malicious firmware onto the dongles, and cause physical damage by overriding safety checks on the inverters, introducing harmful behaviors such as overvoltage or frequency mismatches.

Reproduction

The vulnerability can be reproduced by intercepting the MQTT communication using a tool like mitmproxy, which can be configured to redirect traffic from the vulnerable device to a port where the interception can occur. After setting up the interception, commands can be sent to the device as if they were coming from the legitimate MQTT server.

Remediation

Users can update their devices through the SolaX Cloud account by using the Pocket firmware upgrade function. As of February 10, 2026, the latest firmware versions for the affected Pocket models are: Pocket WiFi 3.0 – (3.022.03), Pocket WiFi+LAN – (1.009.02), Pocket WiFi+4GM – (1.005.05), Pocket WiFi+LAN 2.0 – (006.06), Pocket WiFi 4.0 – (003.03).

Added: Feb 12, 2026, 2:16 PM
Updated: Feb 12, 2026, 4:09 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 7.5
exploitability: 7.2
remediation: 7.7
relevance: 2.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.