Security researcher Li Fengpei, a security researcher with Qihoo 360 Netlab, reports increased activity from Mirai-based IoT botnets. PoC exploit code was published online on October 31 but scans using this PoC started on Wednesday, November 22, according to a report Li shared with Bleeping Computer. The PoC is for a vulnerability in the old ZyXEL PK5001Z routers that came to light in January 2016 on the OpenWrt forums. The vulnerability (CVE-2016-10401) is a hidden su (super-user) password on the affected ZyxEL devices that elevates a user’s access to root level.
Source: https://www.bleepingcomputer.com/news/security/mirai-activity-picks-up-once-more-after-publication-of-poc-exploit-code/