SB2026011555 - Multiple vulnerabilities in HPE Networking Instant On Access Points
Published: January 15, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2023-52340)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when processing very large ICMPv6 packets. A remote attacker can send a flood of IPv6 ICMP6 PTB messages, cause the high lock contention and increased CPU usage, leading to a denial of service.
Successful vulnerability exploitation requires a attacker to be on the local network or have a high bandwidth connection.
2) Memory leak (CVE-ID: CVE-2022-48839)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpacket_rcv() and packet_recvmsg() functions in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
3) Information disclosure (CVE-ID: CVE-2025-37165)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the router mode configuration. A remote attacker on the local network can inspect network packets to obtain VLAN and internal network configuration details.
4) Input validation error (CVE-ID: CVE-2025-37166)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted packets to the device and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.