CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-58338

Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the restricted login environment.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 23.9%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.ateme.com
https://www.exploit-db.com/exploits/51516
https://www.vulncheck.com/advisories/anevia-flamingo-xl-remote-root-jailbreak-via-traceroute-command
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5780.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5780.php

Products affected by CVE-2024-58338

Ateme » Flamingo Xl » Version: N/A

cpe:2.3:h:ateme:flamingo_xl:-
Ateme » Flamingo Xl Firmware » Version: 3.2.9

cpe:2.3:o:ateme:flamingo_xl_firmware:3.2.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-58338

Products

Pricing

Contact Us