Primary

Context

HPE Networking Instant On Access Points Authenticated Command Injection Vulnerability

Vulnerability

A command injection vulnerability allowing authenticated users with elevated privileges to execute arbitrary commands on the operating system as a highly privileged user has been identified in the command line interface of HPE Networking Instant On Access Points. This vulnerability affects access points running software version 3.2.0.1 and below.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution on the device's operating system with elevated privileges.

Remediation

Users are advised to upgrade to HPE Networking Instant On software version 3.2.1.0 or above. Instant On devices began automatic updates the week of June 30, 2025, but manual upgrades can be initiated via the Instant On app or web portal after the release date.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HPE Networking Instant On Access Points Authenticated Command Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating