Zyxel · Zyxel Pk5001Z · CVE-2016-10401
**Name of the Vulnerable Software and Affected Versions**
ZyXEL PK5001Z (affected versions not specified)
**Description**
The issue allows remote attackers to obtain root access if a non-root account password is known or a non-root default account exists. This is due to the use of a default su password, `zyad5001`, which can be exploited when combined with knowledge of a non-root account password or the presence of a non-root default account within an ISP's deployment of these devices.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.