What is the severity of CVE-2016-2310?

CVE-2016-2310 has a high severity level due to the presence of hardcoded credentials that allow unauthorized remote access to configuration settings.

How do I fix CVE-2016-2310?

To fix CVE-2016-2310, update the GE Multilink switches to firmware version 5.5.0 or later.

Which GE Multilink switches are affected by CVE-2016-2310?

The affected switches include GE Multilink ML800, ML1200, ML1600, ML2400 with firmware before 5.5.0 and ML810, ML3000, and ML3100 with firmware before 5.5.0k.

What are the potential risks associated with CVE-2016-2310?

The potential risks include unauthorized modification of configuration settings and possible disruption of network operations.

Is there a workaround for CVE-2016-2310 if I cannot update the firmware?

There is no effective workaround for CVE-2016-2310, and the recommended action is to update to a secure version as soon as possible.

Vulnerability/
CVE-2016-2310

critical

CWE

798

9/6/2016

5/8/2024

CVE-2016-2310

First published: Thu Jun 09 2016(Updated: )

General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Ge Multilink Firmware	<=5.5.0
GE Multilink ML1200 Firmware
Ge Multilink ML1600 Firmware
Ge Multilink Ml2400 Firmware
Ge Multilink ML800 Firmware
Ge Multilink ML810 Firmware
Ge Multilink Ml3000 Firmware
GE Multilink ML3100
Ge Multilink Firmware	<=5.5.0k

Never miss a vulnerability like this again

Reference Links

https://ics-cert.us-cert.gov/advisories/ICSA-16-154-01

Frequently Asked Questions

What is the severity of CVE-2016-2310?
CVE-2016-2310 has a high severity level due to the presence of hardcoded credentials that allow unauthorized remote access to configuration settings.
How do I fix CVE-2016-2310?
To fix CVE-2016-2310, update the GE Multilink switches to firmware version 5.5.0 or later.
Which GE Multilink switches are affected by CVE-2016-2310?
The affected switches include GE Multilink ML800, ML1200, ML1600, ML2400 with firmware before 5.5.0 and ML810, ML3000, and ML3100 with firmware before 5.5.0k.
What are the potential risks associated with CVE-2016-2310?
The potential risks include unauthorized modification of configuration settings and possible disruption of network operations.
Is there a workaround for CVE-2016-2310 if I cannot update the firmware?
There is no effective workaround for CVE-2016-2310, and the recommended action is to update to a secure version as soon as possible.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/severity
agent/references
agent/author
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ge
canonical/ge multilink firmware
version/ge multilink firmware/5.5.0
canonical/ge multilink ml1200 firmware
canonical/ge multilink ml1600 firmware
canonical/ge multilink ml2400 firmware
canonical/ge multilink ml800 firmware
canonical/ge multilink ml810 firmware
canonical/ge multilink ml3000 firmware
canonical/ge multilink ml3100
version/ge multilink firmware/5.5.0k

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.