Department of Computer Science
Security vulnerabilities discovered in WLAN access points from Extreme Networks

A total of four CVEs were registered, including a complete authentication bypass (CVE-2025-27227) and several ways to gain root access to the devices (CVE-2025-27229, CVE-2025-27230). Particularly critical: a bug in the web server allowed attackers to gain access without valid login credentials. It was also possible to decrypt stored passwords (CVE-2025-27228), and parts of the previous owner's data could still be read even after a reset to factory settings.
Following the responsible disclosure of the vulnerabilities, the team worked closely with Extreme Networks to develop patches. Most of the problems have now been fixed. However, the researchers recommend that all users of these access points ensure that their devices are up to date and disable unnecessary services such as the web server.
This work is an example of how practical research at H-BRS can contribute to increasing digital security, both regionally and internationally.
The full report with technical details is publicly available on the researchers' GitHub profile.
Contact

Michael Rademacher
Professorship of Computer Science, in particular Embedded Systems and Networks, Research Group Leader Fraunhofer FKIE
Location
Sankt Augustin
Room
F313 (entrance via car park behind the F-building)
Address
Grantham-Allee 2-8
53757 Sankt Augustin
Contact hours
Please enquire about consultation hours via e-mail
Telephone
+49 2241 865 151