Search criteria
1 vulnerability found for pk5001z by zyxel
VAR-201707-0041
Vulnerability from variot - Updated: 2025-04-20 23:32ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices). ZyXEL PK5001Z The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZyXELPK5001Zdevices is a wireless switch device from China's He Qin Technology. A security vulnerability exists in ZyXELPK5001Zdevices that allows remote attackers to exploit a vulnerability to submit a special request for root access. There is a security vulnerability in the ZyXEL PK5001Z device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0041",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pk5001z",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "pk5001z",
"scope": null,
"trust": 1.4,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-25518"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006833"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1235"
},
{
"db": "NVD",
"id": "CVE-2016-10401"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zyxel:pk5001z_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006833"
}
]
},
"cve": "CVE-2016-10401",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2016-10401",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-25518",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-89174",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-10401",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-10401",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-10401",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-25518",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-1235",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-89174",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-10401",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-25518"
},
{
"db": "VULHUB",
"id": "VHN-89174"
},
{
"db": "VULMON",
"id": "CVE-2016-10401"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006833"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1235"
},
{
"db": "NVD",
"id": "CVE-2016-10401"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP\u0027s deployment of these devices). ZyXEL PK5001Z The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZyXELPK5001Zdevices is a wireless switch device from China\u0027s He Qin Technology. A security vulnerability exists in ZyXELPK5001Zdevices that allows remote attackers to exploit a vulnerability to submit a special request for root access. There is a security vulnerability in the ZyXEL PK5001Z device",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10401"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006833"
},
{
"db": "CNVD",
"id": "CNVD-2017-25518"
},
{
"db": "VULHUB",
"id": "VHN-89174"
},
{
"db": "VULMON",
"id": "CVE-2016-10401"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-89174",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=43105",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89174"
},
{
"db": "VULMON",
"id": "CVE-2016-10401"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10401",
"trust": 3.2
},
{
"db": "EXPLOIT-DB",
"id": "43105",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006833",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1235",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-25518",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "144851",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-89174",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-10401",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-25518"
},
{
"db": "VULHUB",
"id": "VHN-89174"
},
{
"db": "VULMON",
"id": "CVE-2016-10401"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006833"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1235"
},
{
"db": "NVD",
"id": "CVE-2016-10401"
}
]
},
"id": "VAR-201707-0041",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-25518"
},
{
"db": "VULHUB",
"id": "VHN-89174"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-25518"
}
]
},
"last_update_date": "2025-04-20T23:32:53.057000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PK5001Z",
"trust": 0.8,
"url": "https://www.zyxel.com/us/en/uploads/images/ds_PK5001Z.pdf"
},
{
"title": "ZyXELPK5001Z device ROOT access vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/101695"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/AnonOpsVN24/Aon-Sploit "
},
{
"title": "oxasploits",
"trust": 0.1,
"url": "https://github.com/oxagast/oxasploits "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/newly-published-exploit-code-used-to-spread-marai-variant/128998/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/mirai-activity-picks-up-once-more-after-publication-of-poc-exploit-code/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-25518"
},
{
"db": "VULMON",
"id": "CVE-2016-10401"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006833"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006833"
},
{
"db": "NVD",
"id": "CVE-2016-10401"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://forum.openwrt.org/viewtopic.php?id=62266"
},
{
"trust": 1.3,
"url": "https://www.exploit-db.com/exploits/43105/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10401"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10401"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/newly-published-exploit-code-used-to-spread-marai-variant/128998/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-25518"
},
{
"db": "VULHUB",
"id": "VHN-89174"
},
{
"db": "VULMON",
"id": "CVE-2016-10401"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006833"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1235"
},
{
"db": "NVD",
"id": "CVE-2016-10401"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-25518"
},
{
"db": "VULHUB",
"id": "VHN-89174"
},
{
"db": "VULMON",
"id": "CVE-2016-10401"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006833"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1235"
},
{
"db": "NVD",
"id": "CVE-2016-10401"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-25518"
},
{
"date": "2017-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-89174"
},
{
"date": "2017-07-25T00:00:00",
"db": "VULMON",
"id": "CVE-2016-10401"
},
{
"date": "2017-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006833"
},
{
"date": "2017-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1235"
},
{
"date": "2017-07-25T18:29:01.027000",
"db": "NVD",
"id": "CVE-2016-10401"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-25518"
},
{
"date": "2017-11-03T00:00:00",
"db": "VULHUB",
"id": "VHN-89174"
},
{
"date": "2017-11-03T00:00:00",
"db": "VULMON",
"id": "CVE-2016-10401"
},
{
"date": "2017-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006833"
},
{
"date": "2017-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1235"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-10401"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1235"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZyXEL PK5001Z Vulnerabilities related to certificate and password management in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006833"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1235"
}
],
"trust": 0.6
}
}