CVE-2016-2310
Severity CVSS v4.0:
Pending analysis
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
09/06/2016
Last modified:
12/04/2025
Description
General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:ge:multilink_firmware:*:*:*:*:*:*:*:* | 5.5.0 (including) | |
| cpe:2.3:h:ge:multilink_ml1200:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ge:multilink_ml1600:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ge:multilink_ml2400:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ge:multilink_ml800:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ge:multilink_ml810:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ge:multilink_ml3000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ge:multilink_ml3100:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ge:multilink_ml810:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ge:multilink_firmware:*:*:*:*:*:*:*:* | 5.5.0k (including) |
To consult the complete list of CPE names with products and versions, see this page