Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba On the spot On Entry Factors that enable attackers to bypass regular gadget authentication and entry the net interface.
Aruba On the spot On Entry Factors are compact, plug-and-play wi-fi (Wi-Fi) units, designed primarily for small to medium-sized companies, providing enterprise-grade options (visitor networks, site visitors segmentation) with cloud/cell app administration.
The security situation, tracked as CVE-2025-37103 and rated “essential” (CVSS v3.1 rating: 9.8), impacts On the spot On Entry Factors operating firmware model 3.2.0.1 and under.
“Hardcoded login credentials have been present in HPE Networking On the spot On Entry Factors, permitting anybody with data of it to bypass regular gadget authentication,” defined HPE within the bulletin.
“Profitable exploitation may enable a distant attacker to achieve administrative entry to the system.”
As the executive credentials are hardcoded within the firmware, discovering them is trivial for educated actors.
By accessing the net interface as directors, attackers could change the entry level’s settings, reconfigure security, set up backdoors, carry out stealthy surveillance by capturing site visitors, and even try lateral motion.
The vulnerability was found by a Ubisectech Sirius Staff security researcher utilizing the alias ZZ, who reported it on to the seller.
Customers of weak units are really useful to improve to firmware model 3.2.1.0 or newer to deal with the chance. HPE has given no workarounds, so patching is the really useful plan of action.
It’s clarified within the bulletin that CVE-2025-37103 doesn’t affect On the spot On Switches.
On the identical bulletin, HPE highlights a second vulnerability, CVE-2025-37102. It is a high-severity authenticated command injection flaw within the Command Line Interface (CLI) of Aruba On the spot On entry factors.
This flaw might be chained with CVE-2025-37103, as admin entry is required for its exploitation, permitting risk actors to inject arbitrary instructions into the CLI for information exfiltration, security disabling, and establishing persistence.
On this case, too, the issue is resolved by upgrading to firmware model 3.2.1.0 or later, and no workaround is out there.
At the moment, HPE Aruba Networking isn’t conscious of any reviews of exploitation of the 2 flaws. Nonetheless, this may change rapidly, so making use of the security updates instantly is essential.
CISOs know that getting board buy-in begins with a transparent, strategic view of how cloud security drives enterprise worth.
This free, editable board report deck helps security leaders current threat, affect, and priorities in clear enterprise phrases. Flip security updates into significant conversations and quicker decision-making within the boardroom.
