PT-2025-54258 · Anevia · Anevia Flamingo Xl/Xs

Published: 2023-04-13 · Updated: 2026-01-14 · CVE-2024-58338

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Anevia Flamingo XL version 3.2.9
Description: The Flamingo XL IPTV station firmware contains flaws in access control. Exploitation of this issue allows a remote attacker to bypass the sandboxing protection mechanism, escalate privileges, and execute arbitrary commands. The traceroute command can be exploited to inject shell commands and gain full root access to the device, bypassing the restricted login environment.
Recommendations: Versions prior to 3.2.9 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Incorrect Privilege Assignment

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2026-00333
CVE-2024-58338

Affected Products

Anevia Flamingo Xl/Xs