CVE-2024-58338
CRITICAL WAF: High
CVSS 10.0
Published: 2025-12-30
CWE-78 CWE-78
Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the restricted login environment.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ateme | flamingo_xl_firmware | 3.2.9 |
References
- www.ateme.com (Product)
- www.exploit-db.com (Exploit, Third Party Advisory)
- www.vulncheck.com (Third Party Advisory)
- www.zeroscience.mk (Third Party Advisory)