Vulnerability Description
General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ge | Multilink Firmware | <= 5.5.0 |
| Ge | Multilink Ml1200 | - |
| Ge | Multilink Ml1600 | - |
| Ge | Multilink Ml2400 | - |
| Ge | Multilink Ml800 | - |
| Ge | Multilink Ml810 | - |
| Ge | Multilink Ml3000 | - |
| Ge | Multilink Ml3100 | - |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-16-154-01Third Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-16-154-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2016-2310?
CVE-2016-2310 is a vulnerability with a CVSS score of 9.8 (CRITICAL). General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, whi...
How severe is CVE-2016-2310?
CVE-2016-2310 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-2310?
Check the references section above for vendor advisories and patch information. Affected products include: Ge Multilink Firmware, Ge Multilink Ml1200, Ge Multilink Ml1600, Ge Multilink Ml2400, Ge Multilink Ml800.