**Name of the Vulnerable Software and Affected Versions:**

HPE Networking Instant On Access Points versions 3.2.0 and earlier

HPE Aruba Instant On Access Points versions 3.2.0.1 and earlier

Aruba Instant On APs versions 3.2.0 and earlier

**Description:**

HPE Networking and Aruba Instant On Access Points are affected by hard-coded login credentials. Exploitation of this issue allows attackers to bypass normal device authentication and gain administrative access to the system remotely. The vulnerability could potentially allow a full system takeover if chained with a second, unspecified bug.

**Recommendations:**

HPE Networking Instant On Access Points versions 3.2.0 and earlier: Upgrade firmware to version 3.2.1.0 or later.

HPE Aruba Instant On Access Points versions 3.2.0.1 and earlier: Upgrade firmware to version 3.2.1.0 or later.

Aruba Instant On APs versions 3.2.0 and earlier: Upgrade firmware to version 3.2.1.0 or later.