ID

VAR-201707-0041


CVE

CVE-2016-10401


TITLE

Vulnerabilities related to certificate and password management in ZyXEL PK5001Z devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-006833

DESCRIPTION

ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices). The ZyXEL PK5001Z device contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). The ZyXEL PK5001Z is a wireless switch device from China's He Qin Technology. A security vulnerability exists in ZyXEL PK5001Z devices that allows remote attackers to submit a special request for root access. There is a security vulnerability in the ZyXEL PK5001Z device.

Trust: 2.34

sources: NVD: CVE-2016-10401 // JVNDB: JVNDB-2017-006833 // CNVD: CNVD-2017-25518 // VULHUB: VHN-89174 // VULMON: CVE-2016-10401

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-25518

AFFECTED PRODUCTS

vendor: zyxel model: pk5001z scope: eq version: -

Trust: 1.6

vendor: zyxel model: pk5001z scope: - version: -

Trust: 1.4

sources: CNVD: CNVD-2017-25518 // JVNDB: JVNDB-2017-006833 // CNNVD: CNNVD-201707-1235 // NVD: CVE-2016-10401

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10401
value: HIGH

Trust: 1.0

NVD: CVE-2016-10401
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-25518
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201707-1235
value: CRITICAL

Trust: 0.6

VULHUB: VHN-89174
value: HIGH

Trust: 0.1

VULMON: CVE-2016-10401
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-10401
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-25518
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-89174
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-10401
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-25518 // VULHUB: VHN-89174 // VULMON: CVE-2016-10401 // JVNDB: JVNDB-2017-006833 // CNNVD: CNNVD-201707-1235 // NVD: CVE-2016-10401

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-89174 // JVNDB: JVNDB-2017-006833 // NVD: CVE-2016-10401

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-1235

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201707-1235

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006833

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-89174 // VULMON: CVE-2016-10401

PATCH

title: PK5001Z url: https://www.zyxel.com/us/en/uploads/images/ds_PK5001Z.pdf

Trust: 0.8

title: ZyXEL PK5001Z device ROOT access vulnerability patch url: https://www.cnvd.org.cn/patchInfo/show/101695

Trust: 0.6

title: - url: https://github.com/AnonOpsVN24/Aon-Sploit

Trust: 0.1

title: oxasploits url: https://github.com/oxagast/oxasploits

Trust: 0.1

title: Threatpost url: https://threatpost.com/newly-published-exploit-code-used-to-spread-marai-variant/128998/

Trust: 0.1

title: BleepingComputer url: https://www.bleepingcomputer.com/news/security/mirai-activity-picks-up-once-more-after-publication-of-poc-exploit-code/

Trust: 0.1

sources: CNVD: CNVD-2017-25518 // VULMON: CVE-2016-10401 // JVNDB: JVNDB-2017-006833

EXTERNAL IDS

db: NVD id: CVE-2016-10401

Trust: 3.2

db: EXPLOIT-DB id: 43105

Trust: 1.2

db: JVNDB id: JVNDB-2017-006833

Trust: 0.8

db: CNNVD id: CNNVD-201707-1235

Trust: 0.7

db: CNVD id: CNVD-2017-25518

Trust: 0.6

db: PACKETSTORM id: 144851

Trust: 0.1

db: VULHUB id: VHN-89174

Trust: 0.1

db: VULMON id: CVE-2016-10401

Trust: 0.1

sources: CNVD: CNVD-2017-25518 // VULHUB: VHN-89174 // VULMON: CVE-2016-10401 // JVNDB: JVNDB-2017-006833 // CNNVD: CNNVD-201707-1235 // NVD: CVE-2016-10401

REFERENCES

url:https://forum.openwrt.org/viewtopic.php?id=62266

Trust: 3.2

url:https://www.exploit-db.com/exploits/43105/

Trust: 1.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10401

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-10401

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/255.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/newly-published-exploit-code-used-to-spread-marai-variant/128998/

Trust: 0.1

sources: CNVD: CNVD-2017-25518 // VULHUB: VHN-89174 // VULMON: CVE-2016-10401 // JVNDB: JVNDB-2017-006833 // CNNVD: CNNVD-201707-1235 // NVD: CVE-2016-10401

SOURCES

db: CNVD id: CNVD-2017-25518
db: VULHUB id: VHN-89174
db: VULMON id: CVE-2016-10401
db: JVNDB id: JVNDB-2017-006833
db: CNNVD id: CNNVD-201707-1235
db: NVD id: CVE-2016-10401

LAST UPDATE DATE

2025-04-20T23:32:53.057000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2017-25518 date: 2017-09-07T00:00:00
db: VULHUB id: VHN-89174 date: 2017-11-03T00:00:00
db: VULMON id: CVE-2016-10401 date: 2017-11-03T00:00:00
db: JVNDB id: JVNDB-2017-006833 date: 2017-09-05T00:00:00
db: CNNVD id: CNNVD-201707-1235 date: 2017-07-26T00:00:00
db: NVD id: CVE-2016-10401 date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD id: CNVD-2017-25518 date: 2017-09-07T00:00:00
db: VULHUB id: VHN-89174 date: 2017-07-25T00:00:00
db: VULMON id: CVE-2016-10401 date: 2017-07-25T00:00:00
db: JVNDB id: JVNDB-2017-006833 date: 2017-09-05T00:00:00
db: CNNVD id: CNNVD-201707-1235 date: 2017-07-26T00:00:00
db: NVD id: CVE-2016-10401 date: 2017-07-25T18:29:01.027