Ethical Hacking News
HPE Aruba Instant On Wi-Fi devices ship with hardcoded login credentials that let anyone who knows them bypass normal device authentication, putting sensitive data at risk. Firmware version 3.2.1.0 or newer addresses this issue; devices running earlier firmware remain exposed. A second vulnerability, CVE-2025-37102, is an authenticated command injection flaw in the Instant On Command Line Interface that lets an attacker who already holds elevated privileges run arbitrary commands on the underlying operating system. Both flaws were reported through a bug bounty program, so they were fixed before any known exploitation. The incident highlights the need for businesses to regularly review and update their network devices and configurations to prevent exploitation.
A recently disclosed vulnerability in HPE Aruba Instant On Wi-Fi devices lets remote attackers bypass authentication and reach the web interface. The flaw, tracked as CVE-2025-37103 (CVSS score 9.8), was reported by researcher ZZ of the Ubisectech Sirius Team through HPE's Bug Bounty program.
The devices contain hardcoded login credentials, so anyone who knows them can skip normal device authentication. A remote attacker who can reach the web interface could therefore gain administrative access to the device, putting sensitive data at risk.
Firmware version 3.2.1.0 or newer addresses this issue; devices running firmware version 3.2.0.1 and below remain vulnerable. HPE Aruba Networking says it is not aware of public exploits or of attacks in the wild exploiting these vulnerabilities at this time. Until a device is updated, limiting which networks can reach its management web interface reduces exposure, but it is not a substitute for the fix: the credentials work for anyone who can reach the interface.
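The version boundary above is the check that matters for triage. The following Python is an added example, not HPE's or Aruba's code: it takes a constructed inventory of hostnames and firmware strings (how you collect those from your devices is left to your environment) and flags every device below 3.2.1.0, the fixed release named in the advisory. The function names and the sample devices are mine; the comparison is numeric per field, because a plain string comparison would misorder a build such as "3.10.0.0" against "3.2.1.0".

```python
"""Triage helper: which Instant On devices in an inventory still run firmware
below the fixed release 3.2.1.0?

Added example, not HPE's or Aruba's code. The version numbers 3.2.1.0 (fixed)
and 3.2.0.1 (affected) come from the advisory as reported in the article; the
inventory below is constructed sample data, and collecting each device's
firmware string is left to your environment."""

import re
from typing import List, Tuple

FIXED_VERSION = "3.2.1.0"  # first firmware release that addresses CVE-2025-37103


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version string into a tuple of ints for numeric comparison.

    As strings, "3.10.0.0" < "3.2.1.0", which would wrongly mark a newer build
    as affected; as tuples of ints, (3, 10, 0, 0) > (3, 2, 1, 0). Fields are
    padded with zeros so "3.2.1" compares equal to "3.2.1.0", and any
    non-numeric suffix on a field (e.g. "1-rc2") is ignored."""
    fields = []
    for part in version.strip().split("."):
        m = re.match(r"\d+", part)
        fields.append(int(m.group(0)) if m else 0)
    while len(fields) < 4:
        fields.append(0)
    return tuple(fields)


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the firmware is older than the fixed release."""
    return parse_version(version) < parse_version(fixed)


# Constructed inventory of (hostname, firmware); these are not real devices.
INVENTORY: List[Tuple[str, str]] = [
    ("ap-lobby", "3.2.0.1"),      # last affected release named in the advisory
    ("ap-warehouse", "3.1.9.0"),  # older, affected
    ("ap-office-1", "3.2.1.0"),   # fixed
    ("ap-office-2", "3.2.1"),     # same as 3.2.1.0 once padded
    ("ap-guest", "3.10.0.0"),     # newer; only correct with numeric comparison
]


def devices_needing_update(inventory: List[Tuple[str, str]] = INVENTORY) -> List[str]:
    """Hostnames of every device whose firmware is below the fixed release."""
    return [host for host, fw in inventory if is_affected(fw)]


if __name__ == "__main__":
    for host, fw in INVENTORY:
        print(f"{host:14} {fw:10} {'UPDATE' if is_affected(fw) else 'ok'}")
```

Running the block prints one line per device; ap-lobby and ap-warehouse are flagged, the rest are not. Feed it your real inventory in place of the constructed list.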
A second vulnerability, CVE-2025-37102, is an authenticated command injection flaw in the Instant On Command Line Interface. Successful exploitation lets a remote attacker who already holds elevated privileges execute arbitrary commands on the underlying operating system as a highly privileged user. Because it requires elevated access first, it is an escalation step rather than an entry point on its own, which is why it carries a lower severity than the credentials flaw.
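To make the bug class concrete, the following Python is an added illustration, not Aruba's code, of how an authenticated CLI command turns into a command-injection hole and how the same command is written safely. The "ping" diagnostic command, the handler names and the sample inputs are hypothetical stand-ins; the article does not say which CLI command is affected or what the real handler looks like.

```python
"""Illustration of the bug class behind CVE-2025-37102: a CLI command, reachable
only by an authenticated user, that hands that user's input to a shell.

Added example, not Aruba's code. The 'ping' diagnostic, the handler names and
the sample inputs are hypothetical stand-ins for whatever the real CLI does."""

import ipaddress
import re
import subprocess
from typing import List

# RFC 1123-style hostname: labels of letters, digits and hyphens, not starting
# or ending with a hyphen. Rejecting a leading '-' also blocks option injection
# (a target such as "-f" would otherwise become a flag to the binary).
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,62}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,62}[A-Za-z0-9])?)*$"
)


def build_cmdline_vulnerable(target: str, binary: str = "ping -c 1") -> str:
    """Vulnerable pattern: the user's argument is interpolated into a string
    that will be handed to a shell. A target of '8.8.8.8; id' becomes
    'ping -c 1 8.8.8.8; id' and the shell runs both commands, with whatever
    privileges the CLI daemon has."""
    return f"{binary} {target}"


def run_vulnerable(target: str, binary: str = "ping -c 1") -> str:
    """Executes the interpolated string through /bin/sh (shell=True).
    The demo below passes binary='echo' so it runs offline and harmlessly."""
    cmdline = build_cmdline_vulnerable(target, binary)
    return subprocess.run(cmdline, shell=True, capture_output=True, text=True).stdout


def validate_target(target: str) -> str:
    """Allow-list validation: accept only an IP literal or a DNS hostname."""
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if HOSTNAME_RE.match(target):
        return target
    raise ValueError(f"invalid target: {target!r}")


def build_argv_safe(target: str) -> List[str]:
    """Hardened pattern: validate the argument, then build an argv list.
    An argv list is never re-parsed by a shell, so metacharacters in the
    argument are just bytes of a single argument, and validation rejects
    them anyway."""
    return ["ping", "-c", "1", validate_target(target)]


def run_safe(target: str, executable: str = "ping") -> int:
    """Runs the hardened variant with shell=False (the default for a list)."""
    argv = build_argv_safe(target)
    argv[0] = executable  # lets the demo substitute a harmless binary
    return subprocess.run(argv, check=False).returncode


if __name__ == "__main__":
    payload = "8.8.8.8; echo INJECTED"
    print("vulnerable cmdline:", build_cmdline_vulnerable(payload))
    print("shell output:", run_vulnerable(payload, binary="echo"), end="")
    try:
        build_argv_safe(payload)
    except ValueError as exc:
        print("hardened handler:", exc)
    print("hardened argv for a valid target:", build_argv_safe("example.com"))
```

Run stand-alone, the vulnerable path prints the injected second line, while the hardened path rejects the same input before anything executes. The two changes that matter are the allow-list (IP literal or hostname, nothing else) and the argv list with shell=False; either alone is weaker, since validation can be bypassed by an oversight and an argv list still passes a leading "-" through as an option.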
Researcher ZZ reported both vulnerabilities through HPE's Bug Bounty program, an example of coordinated disclosure surfacing flaws before malicious actors find and exploit them.
In conclusion, this case underlines the routine work of keeping network devices current: inventory the Instant On devices in use, confirm each runs firmware 3.2.1.0 or later, and review which networks can reach their management interfaces. Organizations that do this consistently minimize the risk of data breaches and keep sensitive information from falling into the wrong hands.
Related Information:
https://www.ethicalhackingnews.com/articles/HPE-Aruba-Instant-On-Wi-Fi-Devices-Left-Vulnerable-to-Remote-Attack-Due-to-Hardcoded-Credentials-ehn.shtml
https://securityaffairs.com/180230/security/hardcoded-credentials-hpe-aruba-instant-on-wi-fi-devices.html
https://nvd.nist.gov/vuln/detail/CVE-2025-37102
https://www.cvedetails.com/cve/CVE-2025-37102/
https://nvd.nist.gov/vuln/detail/CVE-2025-37103
https://www.cvedetails.com/cve/CVE-2025-37103/
Published: Tue Jul 22 12:29:06 2025 by llama3.2 3B Q4_K_M