Possible security flaw in Anatel Wifi Dongle

Posted: Sun May 05, 2024 1:49 pm
by cp-at-home
Hi community,

if there are some people out there who received the ANATEL Wifi dongle together with their inverter installation, could you please take a look and find out if the dongle's AP mode is still active after setting up STA mode? And if so, if the password for STA mode is still readable in the AP mode user interface? It is best to check that from a second, uninvolved PC or smartphone - or to ask your neighbour :-).

If you can read the Wifi password from there in cleartext, please confirm.

You may check other/older Wifi dongles, too.

The ticket to FoxESS was closed without comment, and I don't get any responses when asking them by email.
I would use the confirmations for a CVE request.

I'm looking forward to the results.

Wifi Dongle Installation Guide: https://www.fox-ess.com/download/upfile ... 0guide.pdf

Best regards,
CP

Re: Possible security flaw in Anatel Wifi Dongle

Posted: Tue May 07, 2024 5:05 pm
by Will
I'm not sure what you mean. Can you confirm the steps to take and the current and expected behaviour, and I'll test it out on my test bed.

Re: Possible security flaw in Anatel Wifi Dongle

Posted: Sat May 11, 2024 7:46 pm
by cp-at-home
Hi,

thank you for offering to test this. Here is probably a better description of what's happening, and how to reproduce it: https://github.com/CP-at-home/FoxESS-CVE

Looking forward to your results.

CP

Re: Possible security flaw in Anatel Wifi Dongle

Posted: Mon May 13, 2024 5:58 pm
by cp-at-home
Hi,

I made some screenshots to make it more clear: Connected to Dongle AP for configuration of SSID FoxEssTestAP; Dongle AP is W-2BYA848.
WifiDongleSetup1.png
If you click into the password field, it is undisclosed:
WifiDongleSetup2.png
And AP mode is still available even when STA mode is fully configured:
Wifi.png
So: Your neighbour may connect to the W-XXXXXX Dongle AP at any time and read your Wifi password in cleartext.


I hope this helps to understand my point...


Best regards, CP

Re: Possible security flaw in Anatel Wifi Dongle

Posted: Mon May 13, 2024 6:26 pm
by Will
Does the v3 not have the option to change the AP default password like the v2 can? Under port settings on my H1 module I see password option. I'll check if my K series v3 has the same option or maybe it's just missing on the v3 for now.

Re: Possible security flaw in Anatel Wifi Dongle

Posted: Mon May 13, 2024 6:51 pm
by cp-at-home
Now I do not know what you mean by V2/V3.
Anyway, it is the Anatel wifi dongle mentioned in the first post, and in the linked installation guide (PDF), there is no description or even a hint on how to change the AP default password of 'mt2020'. And no hint on how to disable AP mode.
Looks like they simply forgot to implement those features. ;)

P.S.: I got this Anatel wifi dongle together with the H3 10.0 inverter.

Re: Possible security flaw in Anatel Wifi Dongle

Posted: Tue May 14, 2024 11:06 am
by Will
Does your datalogger use USB or is it the 4 pin connector?

Re: Possible security flaw in Anatel Wifi Dongle

Posted: Tue May 14, 2024 5:37 pm
by cp-at-home
It is the USB datalogger.

Re: Possible security flaw in Anatel Wifi Dongle

Posted: Wed May 15, 2024 6:14 pm
by Will
USB is the latest gen 3 version. On the gen 2 you can update the default password. I'm just testing a gen 3 now to see if this has been added on the latest version.

Re: Possible security flaw in Anatel Wifi Dongle

Posted: Wed May 15, 2024 6:25 pm
by Will
Good news, I can confirm the following:

On version 3.16+ of the gen 2 (4 pin module) datalogger you can set the AP password
On version 4.12+ of the gen 3 (USB module) datalogger you can set the AP password

You need your installer or Fox to update your datalogger firmware.

I attached a picture of the option below
Screenshot 2024-05-15 182448.png

Re: Possible security flaw in Anatel Wifi Dongle

Posted: Sat May 18, 2024 6:52 pm
by cp-at-home
Hi Will,

thanks for testing. Unfortunately, FoxEss does not react to my mails, and the installer is waiting on answers from Fox as well.
Is there no official download for the firmware? And I guess you are not allowed to provide the file?

Best regards,
CP