[Security Vulnerability Alert] HPE's Networking Instant On wireless base stations have high-risk security vulnerabilities (CVE-2025-37102 and CVE-2025-37103). Please confirm and patch as soon as possible.

 
2025/8/1 ~ 2026/2/1

Forwarded by the National Information Security Information Sharing and Analysis Center (NISAC-200-202507-00000230)

[Description]
Researchers have discovered two high-risk vulnerabilities (CVE-2025-37102 and CVE-2025-37103) in HPE's Networking Instant On wireless base stations. These vulnerabilities involve OS command injection and use of hard-coded credentials. The former allows a remote attacker with administrative privileges to inject arbitrary OS commands and execute them on the device, while the latter allows an unauthenticated remote attacker to use a fixed credential to log in to the system with administrator privileges. Please verify and patch these vulnerabilities as soon as possible.

[Affected Platforms]
HPE Networking Instant On Wireless Base Station Software Version 3.20.1 and below

[Recommended Action]
An official update has been released to fix the vulnerabilities. Please refer to the official instructions for updating:

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us&docLocale=en_US

[References]
1. https://nvd.nist.gov/vuln/detail/CVE-2025-37102
2. https://nvd.nist.gov/vuln/detail/CVE-2025-37103
3. https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us&docLocale=en_US
