Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2025080108085252 | Publication Time | 2025/08/01 08:58 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/08/01 08:58 |
Impact Level | Medium |
[Subject] 【Vulnerability Alert】High-Risk Security Vulnerabilities (CVE-2025-37102 and CVE-2025-37103) Found in HPE Networking Instant On Wireless Access Points – Immediate Verification and Patching Required |
[Content] Forwarded from the National Institute of Cyber Security, NISAC-200-202507-00000230. Researchers have discovered two high-risk security vulnerabilities in HPE Networking Instant On wireless access points: CVE-2025-37102 (OS Command Injection) and CVE-2025-37103 (Use of Hard-coded Credentials). CVE-2025-37102 allows a remote attacker with administrative privileges to inject arbitrary operating system commands and execute them on the device. CVE-2025-37103 allows an unauthenticated remote attacker to log in to the system with administrator privileges using hard-coded credentials. Immediate verification and patching are required. Information Sharing Level: WHITE (information content can be publicly disclosed). |
[Affected Platform] HPE Networking Instant On wireless access points with software version 3.20.1 and earlier |
[Recommended Actions] The vendor has released security updates to address these vulnerabilities. Please follow the official instructions to update: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us&docLocale=en_US |
[Reference] https://nvd.nist.gov/vuln/detail/CVE-2025-37102 https://nvd.nist.gov/vuln/detail/CVE-2025-37103 https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us&docLocale=en_US |