CVE-2023-53983

CRITICAL

Anevia Flamingo XL/XS <3.6.20 - Privilege Escalation

Title source: llm

Description

Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with weak default administrative credentials that can be easily guessed. Attackers can leverage these hard-coded credentials to gain full remote system control without complex authentication mechanisms.

References (6)

[Third Party Advisory] https://cxsecurity.com/issue/WLB-2023060019

[Third Party Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/259059

[Third Party Advisory] https://packetstormsecurity.com/files/172875/Anevia-Flamingo-XL-XS-3.6.x-Default-Hardcoded-Credentials.html

[Product] https://www.ateme.com/

[Third Party Advisory] https://www.vulncheck.com/advisories/anevia-flamingo-xlxs-default-credentials-authentication-bypass

[Exploit, Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5777.php

Scores

CVSS v3 9.8

EPSS 0.0058

EPSS Percentile 68.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-798

Status published

Affected Products (7)

ateme/flamingo_xl_firmware

ateme/flamingo_xl_firmware

ateme/flamingo_xs_firmware

ateme/flamingo_xs_firmware

ateme/soaplive

ateme/soaplive

ateme/soapsystem

Timeline

Published Dec 30, 2025

Tracked Since Feb 18, 2026