CVE-2023-53983
CRITICAL
Anevia Flamingo XL/XS <3.6.20 - Privilege Escalation
Title source: llm
Description
Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with weak default administrative credentials that can be easily guessed. Attackers can leverage these hard-coded credentials to gain full remote system control without complex authentication mechanisms.
References (6)
Core References
Exploit, Third Party Advisory third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5777.php
Third Party Advisory exploit
https://packetstormsecurity.com/files/172875/Anevia-Flamingo-XL-XS-3.6.x-Default-Hardcoded-Credentials.html
Third Party Advisory vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/259059
Third Party Advisory third-party-advisory
https://cxsecurity.com/issue/WLB-2023060019
Product vendor-advisory
https://www.ateme.com/
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/anevia-flamingo-xlxs-default-credentials-authentication-bypass
Scores
CVSS v3: 9.8
EPSS: 0.0058
EPSS Percentile: 42.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-798
Status: published
Products (7)
ateme/flamingo_xl_firmware 3.2.9
ateme/flamingo_xl_firmware 3.6.20
ateme/flamingo_xs_firmware 3.2.9
ateme/flamingo_xs_firmware 3.6.20
ateme/soaplive 2.0.3
ateme/soaplive 2.4.1
ateme/soapsystem 1.3.1
Published: Dec 30, 2025
Tracked Since: Feb 18, 2026