Critical Severity Vulnerability
This vulnerability has been rated as Critical severity. Immediate action is recommended.
CVE-2024-58338
Critical
Low
Medium
High
Critical
9.8
CVSS Score
Published: Dec 30, 2025
Last Modified: Jan 14, 2026
Vulnerability Description
Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the restricted login environment.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
1 configuration(s) from 1 vendor(s)
flamingo_xl_firmware
Version:
3.2.9
CPE:
cpe:2.3:o:ateme:flamingo_xl_firmware:3.2.9:*:*:*:*:*:*:*
This vulnerability affects 1 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
https://www.ateme.comdisclosure@vulncheck.com Product
-
https://www.exploit-db.com/exploits/51516disclosure@vulncheck.com Exploit Third Party Advisory
-
https://www.vulncheck.com/advisories/anevia-flamingo-xl-remote-root-jailbreak-via-traceroute-commanddisclosure@vulncheck.com Third Party Advisory
-
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5780.phpdisclosure@vulncheck.com Third Party Advisory
-
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5780.php134c704f-9b21-4f2e-91b3-4a467353bcc0 Third Party Advisory
Severity Details
9.8
out of 10.0
Critical
Key Information
- Published Date
- December 30, 2025
