During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration.
The product initializes or sets a resource with a default that is intended to be changed by the product’s installer, administrator, or maintainer, but the default is not secure.