
Security Alert: Critical Risks Found in HPE Aruba Instant On Wi-Fi Devices!
2025-07-22
Author: Mei
Hardcoded Credentials Expose Wi-Fi Devices to Attack!
A significant security flaw has been uncovered in HPE's Aruba Instant On Wi-Fi devices, putting countless small and medium-sized businesses (SMBs) at risk. Hardcoded credentials have been discovered that allow attackers to bypass authentication protocols and gain unauthorized access to these devices' web interfaces.
The Severity of the Vulnerability
This critical vulnerability, tracked as CVE-2025-37103, carries a CVSS score of 9.8, which places it in the critical severity band. Affected devices include those running firmware versions 3.2.0.1 and earlier. Users are urged to upgrade their firmware immediately to version 3.2.1.0 or higher, which fixes the issue.
What Does This Mean for Businesses?
The Aruba Instant On line consists of plug-and-play Wi-Fi access points designed for effortless management without the complications typically associated with enterprise systems. However, this flaw allows anyone who knows the hardcoded credentials to bypass normal authentication and potentially gain administrative access.
Other Vulnerabilities Discovered
In addition to the hardcoded credential issue, HPE also identified an authenticated command injection vulnerability, labeled CVE-2025-37102. This vulnerability enables a remote attacker with privileged access to execute arbitrary commands on the device's operating system, further increasing the exposure of affected devices.
Who Discovered These Vulnerabilities?
Both vulnerabilities were reported by the security researcher ZZ from the Ubisectech Sirius Team through HPE’s Bug Bounty program, highlighting the ongoing need for vigilance in cybersecurity.
No Known Exploits Yet!
As of now, HPE Aruba Networking has not detected any public exploits or active attacks leveraging these vulnerabilities. Nonetheless, the disclosure is a wake-up call for businesses to assess and fortify their network security.
Take Action Now!
SMBs utilizing HPE Aruba Instant On devices should prioritize updating their systems to protect against this critical vulnerability. Stay informed and secure; your business could depend on it!
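One way to triage a device inventory against the version boundaries given above (3.2.0.1 and earlier affected, 3.2.1.0 or higher fixed) is sketched below. This is an added example, not code from HPE or the original article; the device names and firmware strings are constructed sample data, and how you export versions from your own management portal is assumed.

```python
"""Triage an access-point inventory against the firmware boundaries in the article."""

LAST_AFFECTED = (3, 2, 0, 1)   # "3.2.0.1 and earlier" are affected (from the article)
FIRST_FIXED = (3, 2, 1, 0)     # "3.2.1.0 or higher" carries the fix (from the article)


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a dotted version."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad "3.2" -> (3, 2, 0, 0)


def classify(version_text):
    """Map a firmware string to AFFECTED, FIXED, or a state needing manual review."""
    version = parse_version(version_text)
    if version is None:
        return "UNPARSEABLE"
    if version <= LAST_AFFECTED:
        return "AFFECTED"
    if version >= FIRST_FIXED:
        return "FIXED"
    # Builds between the two boundaries are not covered by the article.
    return "UNKNOWN"


def triage(inventory):
    """Group device names by status; anything not FIXED needs follow-up."""
    report = {}
    for name, version_text in inventory:
        report.setdefault(classify(version_text), []).append(name)
    return report


# Constructed sample inventory (hypothetical device names and versions).
SAMPLE_INVENTORY = [
    ("lobby-ap", "3.2.0.1"),
    ("warehouse-ap", "3.1.0.0"),
    ("office-ap", "3.2.1.0"),
    ("annex-ap", "3.2.0.5"),
    ("guest-ap", "unknown"),
]

if __name__ == "__main__":
    for status, names in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:12} {', '.join(names)}")
```

Devices reported as UNKNOWN or UNPARSEABLE should be checked by hand rather than assumed safe, since the article only states the two boundary versions.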