Hewlett Packard Enterprise (HPE) has issued a warning about critical security vulnerabilities in Aruba Instant On Access Points, including hardcoded credentials that could allow remote attackers to gain administrative access. Users are advised to upgrade their firmware to version 3.2.1.0 or later to mitigate these risks.
Key points
- HPE identified hardcoded credentials in Aruba Instant On Access Points running firmware 3.2.0.1 and below.
- The primary vulnerability, CVE-2025-37103, allows attackers to bypass authentication and access device settings remotely.
- A second vulnerability, CVE-2025-37102, is a command injection flaw requiring admin access for exploitation.
- Upgrading to firmware version 3.2.1.0 or newer is the recommended remedy, as there are no workarounds.
- HPE has not reported any current exploitation but emphasizes immediate patching to prevent potential attacks.