← Volver a CVEs
CVE-2016-2310
CRITICAL9.8
Descripcion
General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado6/9/2016
Ultima modificacion4/12/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
ge:multilink_firmwarege:multilink_ml1200ge:multilink_ml1600ge:multilink_ml2400ge:multilink_ml3000ge:multilink_ml3100ge:multilink_ml800ge:multilink_ml810
Debilidades (CWE)
CWE-798
Referencias
https://ics-cert.us-cert.gov/advisories/ICSA-16-154-01(ics-cert@hq.dhs.gov)
https://ics-cert.us-cert.gov/advisories/ICSA-16-154-01(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.