CVE-2023-53983
Severity CVSS v4.0:
CRITICAL
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
30/12/2025
Last modified:
16/01/2026
Description
Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with weak default administrative credentials that can be easily guessed. Attackers can leverage these hard-coded credentials to gain full remote system control without complex authentication mechanisms.
Impact
Base Score 4.0
9.30
Severity 4.0
CRITICAL
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:ateme:flamingo_xl_firmware:3.2.9:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ateme:flamingo_xl_firmware:3.6.20:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ateme:flamingo_xl:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ateme:flamingo_xl:1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ateme:flamingo_xs_firmware:3.2.9:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ateme:flamingo_xs_firmware:3.6.20:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ateme:flamingo_xs:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ateme:flamingo_xs:1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ateme:soaplive:2.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ateme:soaplive:2.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ateme:soapsystem:1.3.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://cxsecurity.com/issue/WLB-2023060019
- https://exchange.xforce.ibmcloud.com/vulnerabilities/259059
- https://packetstormsecurity.com/files/172875/Anevia-Flamingo-XL-XS-3.6.x-Default-Hardcoded-Credentials.html
- https://www.ateme.com/
- https://www.vulncheck.com/advisories/anevia-flamingo-xlxs-default-credentials-authentication-bypass
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5777.php
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5777.php