CVE-2023-53983

Summary

Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with weak default administrative credentials that can be easily guessed. Attackers can leverage these hard-coded credentials to gain full remote system control without complex authentication mechanisms.

Affected Software

VendorProductVersion RangeStatus
AtemeAnevia Flamingo XL/XS3.6.20affected
AtemeAnevia Flamingo XL/XS3.2.9affected
AtemeSoapLive2.4.1affected
AtemeSoapLive2.0.3affected
AtemeSoapSystem1.3.1affected

Weaknesses

  • CWE-798: Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

Additional References

References