CVE-2025-36756

Device Takeover vulnerability in SolaX Cloud

CVE CVE-2025-36756
Title Device Takeover vulnerability in SolaX Cloud
Credits
Affected products
Product Affected Unaffected Unknown
SolaX Power SolaX Cloud = before 27-06-2025 ()
everything else
CVSS
Base score 5.8 - MEDIUM
Attack Vector NETWORK
Attack Complexity> LOW
Attack Requirements PRESENT
Privileges Required LOW
Confidentiality Impact
Vulnerable system NONE Subsequent systems HIGH
Integrity Impact
Vulnerable system NONE Subsequent systems HIGH
Availability Impact
Vulnerable system NONE Subsequent systems HIGH
Safety impact NOT_DEFINED
Automatable NOT_DEFINED
Recovery USER
Value Density DIFFUSE
Vulnerability Response effort NOT_DEFINED
Provider Urgency NOT_DEFINED
References
Problem type(s)
Date published
Last modified

Description

A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known.

JSON version.