CVE-2024-58338

Name of the Vulnerable Software and Affected Versions Anevia Flamingo XL version 3.2.9

Description The Flamingo XL IPTV station firmware contains flaws in access control. Exploitation of this issue allows a remote attacker to bypass the sandboxing protection mechanism, escalate privileges, and execute arbitrary commands. The traceroute command can be exploited to inject shell commands and gain full root access to the device, bypassing the restricted login environment.

Recommendations Versions prior to 3.2.9 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.