cbcvebase.
CVE-2016-2310
published 2016-06-09

CVE-2016-2310: General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware…

PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.22%
86.6th percentile
General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface.

Affected

2 ranges
VendorProductVersion rangeFixed in
gemultilink_firmware<= 5.5.0
gemultilink_firmware<= 5.5.0k

Detection & IOCsextracted from sources · hover to see the quote

  • Monitor for unexpected configuration changes on GE ML800, ML810, ML1200, ML1600, ML2400, ML3000, and ML3100 switches via the web interface, especially from unauthenticated or low-privilege remote sources — CVSS v3 score is 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
  • ·No known public exploits specifically target this vulnerability at time of advisory publication, and the actual hardcoded credential value is not disclosed in any source.
  • ·Exploitation requires only low skill and no authentication, making network-level blocking of web interface access to these devices a critical compensating control.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.