InfoSecBulletin Cybersecurity for mankind
Hewlett-Packard Enterprise (HPE) warns that Aruba Instant On Access Points have hardcoded credentials, enabling attackers to skip normal authentication and reach the web interface.
Aruba Instant On Access Points are small, easy-to-use Wi-Fi devices for small to medium businesses. They provide advanced features like guest networks and traffic segmentation, and can be managed through a cloud or mobile app.
UK to ban public sector from paying ransomware gangs
(CVE-2025-6704, CVE-2025-7624)
Urgent Sophos Firewall Update: Two Critical RCE Flaws Patched
Dell admits breach of test lab platform by World Leaks extortion group
Microsoft issues urgent patches for SharePoint RCE vulnerabilities
HPE alerts of hardcoded passwords in Aruba access points
Akira Ransomware Allegedly Compromise 12 Companies in 72 Hours
Singapore urgently engage military force to tackle ‘serious’ cyberattack
Hackers infect 10M Androids with BADBOX 2.0
Oracle Patched 200 Vulns With July 2025 CPU
Ivanti Zero-Days Exploited to Drop MDifyLoader
The critical security issue, CVE-2025-37103 (CVSS score: 9.8), affects Instant On Access Points using firmware 3.2.0.1 or earlier.
“Hardcoded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication,” explained HPE in the bulletin.
“Successful exploitation could allow a remote attacker to gain administrative access to the system.”
Administrative credentials are hardcoded in the firmware, making them easy to find for those with knowledge.
Attackers can access the web interface as admins to change settings, reconfigure security, install backdoors, monitor traffic, or try to move laterally.
The vulnerability was discovered by a Ubisectech Sirius Team security researcher using the alias ZZ, who reported it directly to the vendor.
Users with vulnerable devices should upgrade to firmware version 3.2.1.0 or newer to reduce risk. HPE has not provided any workarounds, so patching is advised.
It is clarified in the bulletin that CVE-2025-37103 does not impact Instant On Switches.
On the same bulletin, HPE identifies a second vulnerability, CVE-2025-37102, which is a severe authenticated command injection issue in the CLI of Aruba Instant On access points.
This flaw can be exploited in conjunction with CVE-2025-37103 since it requires admin access. Threat actors can execute arbitrary commands through the CLI for data theft, disabling security, and maintaining access.
In this case, too, the problem is resolved by upgrading to firmware version 3.2.1.0 or later, and no workaround is available.
HPE Aruba Networking has not received any reports of exploitation of the two flaws yet, but the situation may change soon. It’s important to apply the security updates right away.
