An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7).
The vulnerability classified as CWE-620 (Unverified Password Change) allows an attacker to bypass the identity verification mechanisms built into the device software. A remote attacker, without authentication and without any user interaction, can obtain full administrative privileges on the device. The network attack vector (AV:N) combined with low attack complexity (AC:L) and no privilege requirements (PR:N) means that the exploit is trivial to execute from anywhere on the network.
An attacker gains full administrative control over the access point, allowing them to modify wireless network configuration, intercept network traffic, create backdoors, and potentially leverage the device as a pivot point for further lateral movement within the network.
Update the firmware of Sophos AP6 Series devices as soon as possible to version 1.7.2563 (MR7) or newer. Detailed instructions are available in the official security advisory from the vendor: https://www.sophos.com/en-us/security-advisories/sophos-sa-20250909-ap6
Sophos AP6 Series Wireless Access Points with firmware older than version 1.7.2563 (MR7)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H