Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba On the spot On Entry Factors that enable attackers to bypass regular machine authentication and entry the online interface.
Aruba On the spot On Entry Factors are compact, plug-and-play wi-fi (Wi-Fi) gadgets, designed primarily for small to medium-sized companies, providing enterprise-grade options (visitor networks, visitors segmentation) with cloud/cell app administration.
The safety subject, tracked as CVE-2025-37103 and rated “vital” (CVSS v3.1 rating: 9.8), impacts On the spot On Entry Factors working firmware model 3.2.0.1 and under.
“Hardcoded login credentials have been present in HPE Networking On the spot On Entry Factors, permitting anybody with data of it to bypass regular machine authentication,” defined HPE within the bulletin.
“Profitable exploitation might enable a distant attacker to realize administrative entry to the system.”
As the executive credentials are hardcoded within the firmware, discovering them is trivial for educated actors.
By accessing the online interface as directors, attackers might change the entry level’s settings, reconfigure safety, set up backdoors, carry out stealthy surveillance by capturing visitors, and even try lateral motion.
The vulnerability was found by a Ubisectech Sirius Crew safety researcher utilizing the alias ZZ, who reported it on to the seller.
Customers of susceptible gadgets are really useful to improve to firmware model 3.2.1.0 or newer to deal with the danger. HPE has given no workarounds, so patching is the really useful plan of action.
It’s clarified within the bulletin that CVE-2025-37103 doesn’t impression On the spot On Switches.
On the identical bulletin, HPE highlights a second vulnerability, CVE-2025-37102. This can be a high-severity authenticated command injection flaw within the Command Line Interface (CLI) of Aruba On the spot On entry factors.
This flaw may be chained with CVE-2025-37103, as admin entry is required for its exploitation, permitting menace actors to inject arbitrary instructions into the CLI for knowledge exfiltration, safety disabling, and establishing persistence.
On this case, too, the issue is resolved by upgrading to firmware model 3.2.1.0 or later, and no workaround is obtainable.
At the moment, HPE Aruba Networking just isn’t conscious of any studies of exploitation of the 2 flaws. Nevertheless, this might change rapidly, so making use of the safety updates instantly is essential.
Include rising threats in actual time – earlier than they impression your enterprise.
Learn the way cloud detection and response (CDR) provides safety groups the sting they want on this sensible, no-nonsense information.
