CVE-2025-15575 is a vulnerability identified in the firmware update process of the SolaX Power Pocket WiFi 3.0 device, specifically in versions earlier than 3.022.03. The core issue is the absence of integrity and authenticity verification for firmware update files. The device's firmware update functionality does not perform cryptographic checks such as digital signature validation, allowing attackers to supply and flash malicious firmware images. This vulnerability is categorized under CWE-494 (Download of Code Without Integrity Check). Additionally, the device does not leverage ESP32 platform security features like secure boot, which would normally prevent unauthorized firmware from running. The vulnerability has a CVSS v3.1 base score of 5.3 (medium severity), with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), integrity impact (I:L), and no availability impact (A:N). This means an attacker can remotely and easily exploit the vulnerability without authentication or user action to modify the device's firmware, potentially leading to persistent control or manipulation of device functions. No public exploits or patches are currently available, but the vendor is expected to release updates to address this issue. The vulnerability affects a specific product line widely used in certain markets for portable WiFi connectivity, making it a concern for organizations deploying these devices in their networks.

The primary impact of this vulnerability is the potential for an attacker to flash malicious firmware onto affected Pocket WiFi 3.0 devices, leading to unauthorized control or manipulation of the device. This can compromise the integrity of the device, allowing attackers to implant backdoors, intercept or manipulate network traffic, or disrupt device functionality. Although confidentiality and availability impacts are not directly indicated, the integrity compromise can indirectly affect confidentiality if attackers use the device as a foothold to monitor or tamper with communications. The lack of secure boot means malicious firmware can persist across reboots, increasing the difficulty of detection and remediation. Organizations using these devices, especially in critical or sensitive environments, risk exposure to espionage, data interception, or network disruption. Since exploitation requires no privileges or user interaction and can be performed remotely over the network, the attack surface is broad. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as proof-of-concept exploits may emerge. The medium CVSS score reflects moderate risk, but the potential for persistent compromise elevates the importance of timely mitigation.

1. Immediately update affected devices to firmware version 3.022.03 or later once the vendor releases a patch addressing this vulnerability. 2. Until patches are available, restrict network access to the device's firmware update interface by implementing network segmentation and firewall rules to limit exposure to trusted management networks only. 3. Monitor network traffic for unusual firmware update attempts or unexpected device behavior indicative of compromise. 4. Employ device inventory and configuration management to identify all affected Pocket WiFi 3.0 devices and ensure they are tracked for patching. 5. Consider disabling remote firmware update functionality if operationally feasible until a secure update mechanism is in place. 6. Advocate for the vendor to implement cryptographic verification of firmware updates, including digital signatures and secure boot features, to prevent unauthorized firmware flashing. 7. Conduct regular security assessments and penetration testing focused on IoT and embedded devices to detect similar vulnerabilities. 8. Educate network administrators about the risks of unverified firmware updates and the importance of applying vendor security advisories promptly.