Primary

Context

HPE Aruba Networking 501 Wireless Client Bridge Authenticated Remote Command Injection Vulnerability

Vulnerability

Multiple command injection vulnerabilities have been identified in the web interface of the HPE Aruba Networking 501 Wireless Client Bridge, specifically in versions through V2.1.1.0-B0030. These vulnerabilities allow authenticated users to execute arbitrary commands as a privileged user on the underlying operating system. Exploitation requires administrative authentication credentials on the host system.

Impact

Successful exploitation allows authenticated users to execute arbitrary commands with elevated privileges on the device's operating system.

Remediation

Users can upgrade to HPE Aruba Networking 501 Wireless Client Bridge software version V2.1.2.0-B0033 and above to address these vulnerabilities. The updated software can be downloaded from the HPE Networking Support Portal.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HPE Aruba Networking 501 Wireless Client Bridge Authenticated Remote Command Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating