Sunday, July 27, 2025

HPE warns of hardcoded passwords in Aruba access points



Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface.

Aruba Instant On Access Points are compact, plug-and-play wireless (Wi-Fi) devices, designed primarily for small to medium-sized businesses, offering enterprise-grade features (guest networks, traffic segmentation) with cloud/mobile app management.

The security issue, tracked as CVE-2025-37103 and rated “critical” (CVSS v3.1 score: 9.8), impacts Instant On Access Points running firmware version 3.2.0.1 and below.

“Hardcoded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication,” explained HPE in the bulletin.

“Successful exploitation could allow a remote attacker to gain administrative access to the system.”

As the administrative credentials are hardcoded in the firmware, discovering them is trivial for knowledgeable actors.

By accessing the web interface as administrators, attackers could change the access point’s settings, reconfigure security, install backdoors, perform stealthy surveillance by capturing traffic, or even attempt lateral movement.

The vulnerability was discovered by a Ubisectech Sirius Team security researcher using the alias ZZ, who reported it directly to the vendor.

Users of vulnerable devices are recommended to upgrade to firmware version 3.2.1.0 or newer to address the risk. HPE has given no workarounds, so patching is the recommended course of action.

The bulletin clarifies that CVE-2025-37103 does not impact Instant On Switches.

In the same bulletin, HPE highlights a second vulnerability, CVE-2025-37102. This is a high-severity authenticated command injection flaw in the Command Line Interface (CLI) of Aruba Instant On access points.

This flaw can be chained with CVE-2025-37103, as admin access is required for its exploitation, allowing threat actors to inject arbitrary commands into the CLI for data exfiltration, security disabling, and establishing persistence.

In this case, too, the problem is resolved by upgrading to firmware version 3.2.1.0 or later, and no workaround is available.

At this time, HPE Aruba Networking is not aware of any reports of exploitation of the two flaws. However, this could change quickly, so applying the security updates immediately is crucial.
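Since patching is the only remediation for both flaws, the first task is finding which devices still run affected firmware. The following is an added example, not code from HPE or from this article: it triages a constructed inventory against the two version thresholds stated above. The CSV column names, the `device_type` values, the sample rows and the "review" status for builds between the two stated versions are assumptions.

```python
import csv
import io

# Thresholds as stated in the article's summary of the HPE bulletin.
LAST_AFFECTED = (3, 2, 0, 1)  # firmware 3.2.0.1 and below is affected
FIRST_FIXED = (3, 2, 1, 0)    # 3.2.1.0 or newer resolves both CVEs

# Constructed sample inventory; column names and values are assumptions.
SAMPLE_INVENTORY = """name,device_type,firmware
lobby-ap,access_point,3.2.0.1
warehouse-ap,access_point,3.2.1.0
office-ap,access_point,3.1.10.2
lab-ap,access_point,3.2.0.9
future-ap,access_point,3.10.0.0
core-sw,switch,3.2.0.1
spare-ap,access_point,unknown
"""

def parse_version(text):
    """Return a dotted version as a 4-tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) > 4 or not all(p.isdecimal() for p in parts):
        return None
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))  # "3.2.1" compares as 3.2.1.0

def classify(device_type, firmware):
    """Map one inventory row to a triage status."""
    if device_type != "access_point":
        return "not_applicable"  # article: CVE-2025-37103 does not impact switches
    version = parse_version(firmware)
    if version is None:
        return "unknown"         # version must be confirmed on the device
    if version >= FIRST_FIXED:   # numeric compare, so 3.10.x sorts above 3.2.x
        return "fixed"
    if version <= LAST_AFFECTED:
        return "affected"
    return "review"              # between the stated versions: the article does not say

def triage(inventory_csv):
    """Return {device name: status} for every row of the inventory."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["name"]: classify(r["device_type"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name:14} {status}")
```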
