By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
World of SoftwareWorld of SoftwareWorld of Software
  • News
  • Software
  • Mobile
  • Computing
  • Gaming
  • Videos
  • More
    • Gadget
    • Web Stories
    • Trending
    • Press Release
Search
  • Privacy
  • Terms
  • Advertise
  • Contact
Copyright © All Rights Reserved. World of Software.
Reading: Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access
Share
Sign In
Notification Show More
Font ResizerAa
World of SoftwareWorld of Software
Font ResizerAa
  • Software
  • Mobile
  • Computing
  • Gadget
  • Gaming
  • Videos
Search
  • News
  • Software
  • Mobile
  • Computing
  • Gaming
  • Videos
  • More
    • Gadget
    • Web Stories
    • Trending
    • Press Release
Have an existing account? Sign In
Follow US
  • Privacy
  • Terms
  • Advertise
  • Contact
Copyright © All Rights Reserved. World of Software.
World of Software > Computing > Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access
Computing

Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access

News Room
Last updated: 2025/07/21 at 12:28 AM
News Room Published 21 July 2025
Share
SHARE

Jul 21, 2025Ravie LakshmananNetwork Security / Vulnerability

Hewlett-Packard Enterprise (HPE) has released security updates to address a critical security flaw affecting Instant On Access Points that could allow an attacker to bypass authentication and gain administrative access to susceptible systems.

The vulnerability, tracked as CVE-2025-37103, carries a CVSS score of 9.8 out of a maximum of 10.0.

“Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication,” the company said in an advisory.

“Successful exploitation could allow a remote attacker to gain administrative access to the system.”

Cybersecurity

Also patched by HPE is an authenticated command injection flaw in the command-line interface of the HPE Networking Instant On Access Points (CVE-2025-37102, CVSS score: 7.2) that a remote attacker could exploit with elevated permissions to run arbitrary commands on the underlying operating system as a privileged user.

This also means that an attacker could fashion CVE-2025-37103 and CVE-2025-37102 into an exploit chain, allowing them to obtain administrative access and inject malicious commands into the command-line interface for follow-on activity.

The company credited ZZ from Ubisectech Sirius Team for discovering and reporting the two issues. Both vulnerabilities have been resolved in HPE Networking Instant On software version 3.2.1.0 and above.

HPE also noted in its advisory that other devices, such as HPE Networking Instant On Switches, are not affected.

While there is no evidence that either of the flaws has come under active exploitation, users are advised to apply the updates as soon as possible to mitigate potential threats.

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Twitter Email Print
Share
What do you think?
Love0
Sad0
Happy0
Sleepy0
Angry0
Dead0
Wink0
Previous Article Airline pilot forced into ‘aggressive’ move to avoid crash with B-52 bomber
Next Article Google could soon make a helpful change to Fast Pair UI for TWS earbuds (APK teardown)
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Stay Connected

248.1k Like
69.1k Follow
134k Pin
54.3k Follow

Latest News

The Atari 2600+ goes full Pac-Man – with a joystick for each ghost
Gadget
From Collaboration to Decentralization: What’s New on HackerNoon | HackerNoon
Computing
iOS 18.6 Beta 4 Now Available As Official Launch Nears – BGR
News
Chrome will let you switch between personal and work accounts on iOS
News

You Might also Like

Computing

From Collaboration to Decentralization: What’s New on HackerNoon | HackerNoon

9 Min Read
Computing

51job to IPO in Hong Kong in first half of 2025, with over 200 million users · TechNode

1 Min Read
Computing

Hardware Meets Web3: Coldware’s CEO Ishak Hassan Champions Hardware-First Approach | HackerNoon

4 Min Read
Computing

China’s official meets with Elon Musk as Trump begins second term · TechNode

3 Min Read
//

World of Software is your one-stop website for the latest tech news and updates, follow us now to get the news that matters to you.

Quick Link

  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact

Topics

  • Computing
  • Software
  • Press Release
  • Trending

Sign Up for Our Newsletter

Subscribe to our newsletter to get our newest articles instantly!

World of SoftwareWorld of Software
Follow US
Copyright © All Rights Reserved. World of Software.
Welcome Back!

Sign in to your account

Lost your password?