SolaX: Difference between revisions

(One intermediate revision by one other user not shown)

Line 1:

{{CompanyCargo

|Founded=2012

Line 14:

Line 15:

==Incidents==

This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].

===Security concerns<ref>{{Cite web |date=2025-01-19 |title=SolaX inverter’s Pocket WiFi using poor authentication |url=https://yougottahackthat.com/insights/solax-inverters-pocket-wifi-using-poor-authentication |url-status=live |access-date=2025-09-20}}</ref>===

===Security concerns<ref>{{Cite web |date=2025-01-19 |title=SolaX inverter’s Pocket WiFi using poor authentication |url=https://yougottahackthat.com/insights/solax-inverters-pocket-wifi-using-poor-authentication |url-status=live |archive-url=https://web.archive.org/web/20250209004711/https://yougottahackthat.com/insights/solax-inverters-pocket-wifi-using-poor-authentication |archive-date=9 Feb 2025 |access-date=2025-09-20}}</ref>===

# Always open WiFi access point - The Pocket WiFi Adapter keeps always open, unsecured WiFi access point meant for configuration. Malicious attackers could use this to send ModBus commands to the inverter or to further infiltrate your home wifi.

#Always open WiFi access point - The Pocket WiFi Adapter keeps always open, unsecured WiFi access point meant for configuration. Malicious attackers could use this to send ModBus commands to the inverter or to further infiltrate your home wifi.

# Some configuration are stored cleartext and attackers in radio range can access them. This could give them pre-shared keys for wifi allowing them to access your home wifi.

#Some configuration are stored cleartext and attackers in radio range can access them. This could give them pre-shared keys for wifi allowing them to access your home wifi.

# The password for the web admin UI is same as wifi SSID.

#The password for the web admin UI is same as wifi SSID.

As far as I am aware these issues have '''not been fixed'''.

@@ Line 1: / Line 1: @@
+{{Stub}}
 {{CompanyCargo
 |Founded=2012
@@ Line 14: / Line 15: @@
 ==Incidents==
 This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].
-===Security concerns<ref>{{Cite web |date=2025-01-19 |title=SolaX inverter’s Pocket WiFi using poor authentication |url=https://yougottahackthat.com/insights/solax-inverters-pocket-wifi-using-poor-authentication |url-status=live |access-date=2025-09-20}}</ref>===
+===Security concerns<ref>{{Cite web |date=2025-01-19 |title=SolaX inverter’s Pocket WiFi using poor authentication |url=https://yougottahackthat.com/insights/solax-inverters-pocket-wifi-using-poor-authentication |url-status=live |archive-url=https://web.archive.org/web/20250209004711/https://yougottahackthat.com/insights/solax-inverters-pocket-wifi-using-poor-authentication |archive-date=9 Feb 2025 |access-date=2025-09-20}}</ref>===
-# Always open WiFi access point - The Pocket WiFi Adapter keeps always open, unsecured WiFi access point meant for configuration. Malicious attackers could use this to send ModBus commands to the inverter or to further infiltrate your home wifi.
+#Always open WiFi access point - The Pocket WiFi Adapter keeps always open, unsecured WiFi access point meant for configuration. Malicious attackers could use this to send ModBus commands to the inverter or to further infiltrate your home wifi.
-# Some configuration are stored cleartext and attackers in radio range can access them. This could give them pre-shared keys for wifi allowing them to access your home wifi.
+#Some configuration are stored cleartext and attackers in radio range can access them. This could give them pre-shared keys for wifi allowing them to access your home wifi.
-# The password for the web admin UI is same as wifi SSID.
+#The password for the web admin UI is same as wifi SSID.
 As far as I am aware these issues have '''not been fixed'''.