Main
Vulnerability Database
Exploits
ID:2204 - Exploit for Credentials management in ZyXEL PK5001Z - CVE-2016-10401
ID:2204 - Exploit for Credentials management in ZyXEL PK5001Z - CVE-2016-10401
Published: March 18, 2020
Vulnerability identifier: #VU12294
Vulnerability risk: Low
CVE-ID: CVE-2016-10401
CWE-ID: CWE-255
Exploitation vector: Remote access
Vulnerable software:
ZyXEL PK5001Z
ZyXEL PK5001Z
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to ZyXEL PK5001Z devices have zyad5001 as the su password. A remote attacker can gain root access if a non-root account password is known or a non-root default account exists within an ISP's deployment of the devices.
The weakness exists due to ZyXEL PK5001Z devices have zyad5001 as the su password. A remote attacker can gain root access if a non-root account password is known or a non-root default account exists within an ISP's deployment of the devices.
Remediation
Install update from vendor's website.