// For flags

CVE-2016-2310

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface.

Switches General Electric (GE) Multilink ML800, ML1200, ML1600 y ML2400 con firmware en versiones anteriores a 5.5.0 y switches ML810, ML3000 y ML3100 con firmware en versiones anteriores a 5.5.0k tienen credenciales embebidas, lo que permite a atacantes remotos modificar ajustes de configuración a través de la interfaz web.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-02-09 CVE Reserved
  • 2016-06-09 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-798: Use of Hard-coded Credentials
CAPEC
References (1)
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ge
Search vendor "Ge"
Multilink Firmware
Search vendor "Ge" for product "Multilink Firmware"
<= 5.5.0
Search vendor "Ge" for product "Multilink Firmware" and version " <= 5.5.0"
-
Affected
in Ge
Search vendor "Ge"
Multilink Ml1200
Search vendor "Ge" for product "Multilink Ml1200"
--
Safe
Ge
Search vendor "Ge"
Multilink Firmware
Search vendor "Ge" for product "Multilink Firmware"
<= 5.5.0
Search vendor "Ge" for product "Multilink Firmware" and version " <= 5.5.0"
-
Affected
in Ge
Search vendor "Ge"
Multilink Ml1600
Search vendor "Ge" for product "Multilink Ml1600"
--
Safe
Ge
Search vendor "Ge"
Multilink Firmware
Search vendor "Ge" for product "Multilink Firmware"
<= 5.5.0
Search vendor "Ge" for product "Multilink Firmware" and version " <= 5.5.0"
-
Affected
in Ge
Search vendor "Ge"
Multilink Ml2400
Search vendor "Ge" for product "Multilink Ml2400"
--
Safe
Ge
Search vendor "Ge"
Multilink Firmware
Search vendor "Ge" for product "Multilink Firmware"
<= 5.5.0
Search vendor "Ge" for product "Multilink Firmware" and version " <= 5.5.0"
-
Affected
in Ge
Search vendor "Ge"
Multilink Ml800
Search vendor "Ge" for product "Multilink Ml800"
--
Safe
Ge
Search vendor "Ge"
Multilink Firmware
Search vendor "Ge" for product "Multilink Firmware"
<= 5.5.0
Search vendor "Ge" for product "Multilink Firmware" and version " <= 5.5.0"
-
Affected
in Ge
Search vendor "Ge"
Multilink Ml810
Search vendor "Ge" for product "Multilink Ml810"
--
Safe
Ge
Search vendor "Ge"
Multilink Firmware
Search vendor "Ge" for product "Multilink Firmware"
<= 5.5.0k
Search vendor "Ge" for product "Multilink Firmware" and version " <= 5.5.0k"
-
Affected
in Ge
Search vendor "Ge"
Multilink Ml3000
Search vendor "Ge" for product "Multilink Ml3000"
--
Safe
Ge
Search vendor "Ge"
Multilink Firmware
Search vendor "Ge" for product "Multilink Firmware"
<= 5.5.0k
Search vendor "Ge" for product "Multilink Firmware" and version " <= 5.5.0k"
-
Affected
in Ge
Search vendor "Ge"
Multilink Ml3100
Search vendor "Ge" for product "Multilink Ml3100"
--
Safe
Ge
Search vendor "Ge"
Multilink Firmware
Search vendor "Ge" for product "Multilink Firmware"
<= 5.5.0k
Search vendor "Ge" for product "Multilink Firmware" and version " <= 5.5.0k"
-
Affected
in Ge
Search vendor "Ge"
Multilink Ml810
Search vendor "Ge" for product "Multilink Ml810"
--
Safe