CVE-2016-10401

{"id": "CVE-2016-10401", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-07-25T18:29:01.027", "references": [{"url": "https://forum.openwrt.org/viewtopic.php?id=62266", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/43105/", "source": "cve@mitre.org"}, {"url": "https://forum.openwrt.org/viewtopic.php?id=62266", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/43105/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices)."}, {"lang": "es", "value": "Los dispositivos PK5001Z de ZyXEL tienen zyad5001 como su contrase\u00f1a, lo que facilita a los atacantes remotos obtener acceso root si una contrase\u00f1a de cuenta no root se conoce (o si existe una cuenta por defecto no root dentro de una implementaci\u00f3n ISP de estos dispositivos)."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:pk5001z_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7106F708-4084-4A82-9038-A693C27BC299"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:pk5001z:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B030BCBD-D3FA-40A7-BBBC-81F63E0F4214"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}