—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in HPE Networking Instant on Access Points 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

HPE Networking Instant on Access Points versions prior to 3.2.1.0.

Overview

Multiple vulnerabilities have been reported in HPE Networking Instant On Access Points, which could be exploited by an attacker to bypass authentication and execute arbitrary commands on the targeted device.

Target Audience:

All organizations and individuals using HPE Networking Instant On Access Points.

Risk Assessment:

High risk of unauthorized access to sensitive information and system compromise via local or LAN-based attack vectors.

Impact Assessment:

Potential for unauthorized administrative access, data theft, and remote code execution resulting in full system compromise.

Description

HPE Networking Instant on Access Points are easy-to-deploy, cloud-managed Wi-Fi solutions designed for small businesses, offering fast, secure, and reliable wireless connectivity.

These vulnerabilities exist in HPE Networking Instant on Access Points due to hard-coded login credentials and command injection vulnerability in the Command line interface. A remote attacker could exploit these vulnerabilities by sending a specially crafted request.

Successful exploitation of these vulnerabilities could allow an attacker with local network access to gain administrative privileges and execute arbitrary code on the targeted system.

Solution

Apply appropriate updates as mentioned as mentioned by the Vendor:

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us&docLocale=en_US

Vendor Information

Hewlett Packard Enterprise (HPE)

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us&docLocale=en_US

References

Hewlett Packard Enterprise (HPE)

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us&docLocale=en_US

CVE Name

CVE-2025-37102

CVE-2025-37103

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmiDmZ0ACgkQ3jCgcSdc

ys9zEQ//SdSixHIAtQsAQwQ/VVrkUPRRzwKA94aL3vdnCP+z7ZxU+dSTz1v9o0u7

oXExkq1MzUkfhni92gSpCm+vNoGekqEakxH3wvhpWURX/6hGN7vxNJe+FXj3LQ30

OLyHDGIeK6Kmog6G48te+VV+1Mu0sm0blThwE0lugGn+vn3MEL6JEmHQ50AVwHh9

dLA/GxN6G4xMsqOo5VAamXK0rAqdrJPCF7VI3OorhFa0ns1FUolRkg+wSYOtYbdu

FrQm2XLUXLWlj6Jxq92gcQTkV8X9CzZXK1Ij2gN0eb2zgQO7/eqUKB5SP6z20Xc3

yMv/rwlbmVukkIZg3kmAmvYptRQjlaRIzEmSSBPdtj2Nq+dxkx1qD4xLz9X/yUta

7iLvQd69yiR/9uEQ+tsuNrvpb+idaZxNoOZDZ8dsTFauAqa0bmbF2IcCUWtfcMzO

67H5Kh6aSVd2Vn80nhYT4WzeNz5bY+yzPmrvcGCasOoYao04P1cu2YffsAG7O/jL

HltibI0drQr9rIpjSMVWqKa++I5MRJvCUW1Kig/w1guT3+wMhKQ9JquQw2nSp4qe

kKbBtC8oCEMBHmh3RWktOolG7TLQo0qPnf/03qhM+nMN+8W+WxiP+bnvdgdcYCC+

hTcQYtPMNi+Xl85chSkzPgqWoEU9y+JebHV62zYOvWJVp0Ndxtw=

=0U7z

—–END PGP SIGNATURE—–