← Volver a CVEs
CVE-2024-58338
CRITICAL10.0
Descripcion
Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the restricted login environment.
Detalles CVE
Puntuacion CVSS v3.110.0
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado12/30/2025
Ultima modificacion1/16/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
ateme:flamingo_xlateme:flamingo_xl_firmware
Debilidades (CWE)
CWE-78CWE-78
Referencias
https://www.ateme.com(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/51516(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/anevia-flamingo-xl-remote-root-jailbreak-via-traceroute-command(disclosure@vulncheck.com)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5780.php(disclosure@vulncheck.com)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5780.php(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.