CVE-2016-10401

HIGH EXPLOITED IN THE WILD RANSOMWARE

Zyxel Pk5001z Firmware - Credentials Management

Title source: rule

Description

ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).

Exploits (2)

exploitdb WORKING POC

by Matthew Sheimo · textremotehardware

https://www.exploit-db.com/exploits/43105

View Code ZIP pw:eip

vulncheck_xdb

dos

https://github.com/oxagast/oxasploits

View on vulncheck_xdb

References (2)

[Exploit, Third Party Advisory] https://forum.openwrt.org/viewtopic.php?id=62266

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/43105/

Scores

CVSS v3 8.8

EPSS 0.1691

EPSS Percentile 95.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2017-11-24

InTheWild.io 2022-05-25

Ransomware Use Confirmed

CWE

CWE-255

Status published

Products (1)

zyxel/pk5001z_firmware

Published Jul 25, 2017

Tracked Since Feb 18, 2026