Sophos has resolved an authentication bypass vulnerability in its AP6 Series Wireless Access Points that could allow attackers to gain administrator-level privileges.
The company discovered the issue during internal security testing and has released a firmware update to address it.
The security vulnerability allows an attacker with network access to the access point’s management IP address to bypass authentication controls. A successful exploit grants the threat actor administrator privileges on the affected device.
This elevated access could be leveraged to control the access point, intercept or manipulate network traffic, disrupt wireless connectivity, or use the compromised device as a pivot point to launch further attacks within the network.
Sophos reported that the vulnerability was found by its own team, highlighting a proactive approach to product security.
The nature of the flaw, requiring access to the management interface, suggests that the primary risk is from attackers already on the local network.
Sophos Wireless Access Points Vulnerability
This vulnerability affects Sophos AP6 Series Wireless Access Points running firmware versions prior to 1.7.2563 (MR7). To address the issue, Sophos has included a fix in firmware version 1.7.2563 (MR7), which was released after August 11, 2025.
Administrators managing these devices are urged to verify that their access points are running this version or a later one to ensure they are protected.
Any organization using older firmware versions remains vulnerable and must upgrade to receive the security fix and shield their networks from potential exploitation.
For most customers, the remediation process is automatic. Sophos AP6 devices are configured by default to install updates automatically, meaning the patched firmware will be applied without requiring manual intervention.
This default policy ensures that the majority of users are protected seamlessly. However, customers who have intentionally opted out of automatic updates must take manual action.
These users are required to upgrade their AP6 Series firmware to version 1.7.2563 (MR7) or a more recent version to apply the patch.
Failing to update leaves the wireless access points exposed to this critical authentication bypass risk.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Source link
