Matthew Sheimo

**Name of the Vulnerable Software and Affected Versions** ZyXEL PK5001Z (affected versions not specified) **Description** The issue allows remote attackers to obtain root access if a non-root account password is known or a non-root default account exists. This is due to the use of a default su password, `zyad5001`, which can be exploited when combined with knowledge of a non-root account password or the presence of a non-root default account within an ISP's deployment of these devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.