CVE-2016-10401
ZyXEL PK5001Z - Default Root Password Exposure
Severity: HIGH | Exploited in the wild | Ransomware
Title source: llm
Exploitation Summary
CVE-2016-10401 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io), including in ransomware campaigns. EIP tracks 1 public exploit from researchers including Matthew Sheimo.
AI-analyzed exploit summary: This exploit leverages hardcoded credentials for the ZyXEL PK5001Z modem, allowing authentication bypass via Telnet with 'admin:CenturyL1nk' and privilege escalation to root using 'su' with password 'zyad5001'. The PoC demonstrates a trivial authentication bypass and local privilege escalation.
Description
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).
Exploits (1)
References (2)
Scores
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H