InfoSecBulletin Cybersecurity for mankind
Hewlett-Packard Enterprise (HPE) warns that Aruba Instant On Access Points have hardcoded credentials, enabling attackers to skip normal authentication and reach the web interface.
Aruba Instant On Access Points are small, easy-to-use Wi-Fi devices for small to medium businesses. They provide advanced features like guest networks and traffic segmentation, and can be managed through a cloud or mobile app.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
The critical security issue, CVE-2025-37103 (CVSS score: 9.8), affects Instant On Access Points using firmware 3.2.0.1 or earlier.
“Hardcoded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication,” explained HPE in the bulletin.
“Successful exploitation could allow a remote attacker to gain administrative access to the system.”
Administrative credentials are hardcoded in the firmware, making them easy to find for those with knowledge.
Attackers can access the web interface as admins to change settings, reconfigure security, install backdoors, monitor traffic, or try to move laterally.
The vulnerability was discovered by a Ubisectech Sirius Team security researcher using the alias ZZ, who reported it directly to the vendor.
Users with vulnerable devices should upgrade to firmware version 3.2.1.0 or newer to reduce risk. HPE has not provided any workarounds, so patching is advised.
It is clarified in the bulletin that CVE-2025-37103 does not impact Instant On Switches.
On the same bulletin, HPE identifies a second vulnerability, CVE-2025-37102, which is a severe authenticated command injection issue in the CLI of Aruba Instant On access points.
This flaw can be exploited in conjunction with CVE-2025-37103 since it requires admin access. Threat actors can execute arbitrary commands through the CLI for data theft, disabling security, and maintaining access.
In this case, too, the problem is resolved by upgrading to firmware version 3.2.1.0 or later, and no workaround is available.
HPE Aruba Networking has not received any reports of exploitation of the two flaws yet, but the situation may change soon. It’s important to apply the security updates right away.
