Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access

The Hacker News by The Hacker News
July 21, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Jul 21, 2025Ravie LakshmananNetwork Security / Vulnerability

Hewlett-Packard Enterprise (HPE) has released security updates to address a critical security flaw affecting Instant On Access Points that could allow an attacker to bypass authentication and gain administrative access to susceptible systems.

The vulnerability, tracked as CVE-2025-37103, carries a CVSS score of 9.8 out of a maximum of 10.0.

“Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication,” the company said in an advisory.

“Successful exploitation could allow a remote attacker to gain administrative access to the system.”

Cybersecurity

Also patched by HPE is an authenticated command injection flaw in the command-line interface of the HPE Networking Instant On Access Points (CVE-2025-37102, CVSS score: 7.2) that a remote attacker could exploit with elevated permissions to run arbitrary commands on the underlying operating system as a privileged user.

This also means that an attacker could fashion CVE-2025-37103 and CVE-2025-37102 into an exploit chain, allowing them to obtain administrative access and inject malicious commands into the command-line interface for follow-on activity.

The company credited ZZ from Ubisectech Sirius Team for discovering and reporting the two issues. Both vulnerabilities have been resolved in HPE Networking Instant On software version 3.2.1.0 and above.

HPE also noted in its advisory that other devices, such as HPE Networking Instant On Switches, are not affected.

While there is no evidence that either of the flaws has come under active exploitation, users are advised to apply the updates as soon as possible to mitigate potential threats.



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks

Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks

Recommended.

Ally CIO: Pace of tech change ‘weighs on me’

Ally CIO: Pace of tech change ‘weighs on me’

September 19, 2025
Subpostmaster was told no jury would believe Post Office had ‘dodgy computer’ | Computer Weekly

Subpostmaster was told no jury would believe Post Office had ‘dodgy computer’ | Computer Weekly

November 21, 2025

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

May 19, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio