CVE-2024-58338

Sažetak

Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the restricted login environment.

Reference

https://www.ateme.com
https://www.exploit-db.com/exploits/51516
https://www.vulncheck.com/advisories/anevia-flamingo-xl-remote-root-jailbreak-via-traceroute-command
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5780.php

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

30-12-2025 - 23:15

Objavljeno

30-12-2025 - 23:15