【Vulnerability Alert】High-Risk Security Vulnerabilities (CVE-2025-37102 and CVE-2025-37103) Found in HPE Networking Instant On Wireless Access Points – Immediate Verification and Patching Required
Publish date: 2025-08-05
Update date: 2025-08-05
Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2025080108085252 | Publication Time | 2025/08/01 08:58 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/08/01 08:58 |
Impact Level | Medium |

[Subject] 【Vulnerability Alert】High-Risk Security Vulnerabilities (CVE-2025-37102 and CVE-2025-37103) Found in HPE Networking Instant On Wireless Access Points – Immediate Verification and Patching Required

[Content] Forwarded from the National Institute of Cyber Security, NISAC-200-202507-00000230.
Researchers have discovered two high-risk security vulnerabilities (CVE-2025-37102 and CVE-2025-37103) in HPE Networking Instant On wireless access points. These vulnerabilities are classified as OS Command Injection and Use of Hard-coded Credentials. The first allows a remote attacker with administrative privileges to inject arbitrary operating system commands and execute them on the device. The second allows a remote attacker without authentication to use hard-coded credentials to log in to the system with administrator privileges. Immediate verification and patching are required.
Information Sharing Level: WHITE (Information content can be publicly disclosed)

[Affected Platform] HPE Networking Instant On wireless access points with software version 3.20.1 and earlier

[Recommended Actions] The vendor has released security updates to address these vulnerabilities. Please follow the official instructions to update: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us&docLocale=en_US

[Reference]
https://nvd.nist.gov/vuln/detail/CVE-2025-37102
https://nvd.nist.gov/vuln/detail/CVE-2025-37103
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us&docLocale=en_US
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center