Hewlett Packard Enterprise (HPE) has issued a critical security warning for Aruba Instant On Access Points, following the discovery of hardcoded credentials in the devices’ firmware. The flaw could allow attackers to bypass authentication, gain admin access, and deploy malware or manipulate settings.
The vulnerabilities, tracked as CVE-2025-37103 and CVE-2025-37102, were patched by HPE. The first issue involves hardcoded admin credentials, while the second allows arbitrary command execution with admin privileges.
Aruba Instant On Access Points are designed for small businesses, providing fast, reliable, and secure wireless connectivity with a simple deployment process. However, the discovery highlights a serious risk, as anyone with knowledge of the hardcoded credentials could compromise the device.
HPE advises all users to apply the latest firmware updates immediately to mitigate potential attacks and ensure network security.
Photo credits : https://www.techradar.com/pro/security/hpe-warns-hardcoded-passwords-in-aruba-hardware-could-be-a-security-risk?utm_source=chatgpt.com
