PT-2025-28660 · Hewlett Packard · Hpe Networking Instant On Access Points
Jane Smith
+1
·
Published
2025-07-08
·
Updated
2025-08-20
·
CVE-2025-37103
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
HPE Networking Instant On Access Points versions 3.2.0 and earlier
HPE Aruba Instant On Access Points versions 3.2.0.1 and earlier
Aruba Instant On APs versions 3.2.0 and earlier
Description
HPE Networking and Aruba Instant On Access Points are affected by hard-coded login credentials. Exploitation of this issue allows attackers to bypass normal device authentication and gain administrative access to the system remotely. The vulnerability could potentially allow a full system takeover if chained with a second, unspecified bug.
Recommendations
HPE Networking Instant On Access Points versions 3.2.0 and earlier: Upgrade firmware to version 3.2.1.0 or later.
HPE Aruba Instant On Access Points versions 3.2.0.1 and earlier: Upgrade firmware to version 3.2.1.0 or later.
Aruba Instant On APs versions 3.2.0 and earlier: Upgrade firmware to version 3.2.1.0 or later.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hpe Networking Instant On Access Points