Anevia Flamingo XL/XS 3.6.20 Default Credentials Authentication Bypass

Advisories

Anevia Flamingo XL/XS 3.6.20 Default Credentials Authentication Bypass

severity: critical
date: 12/30/2025
Affecting: Anevia Flamingo XL/XS 3.6.20, 3.2.9
SoapLive 2.4.1, 2.0.3
SoapSystem 1.3.1
CVE: CVE-2023-53983
CWE: CWE-798 Use of Hard-coded Credentials
CVSS: 9.3
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: Zero Science Lab Disclosure (ZSL-2023-5777)
Packet Storm Security Exploit Details
IBM X-Force Vulnerability Exchange Entry
CXSecurity Vulnerability Listing
Ateme Vendor Homepage
Credit: LiquidWorm as Gjoko Krstic of Zero Science Lab
Description: Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with weak default administrative credentials that can be easily guessed. Attackers can leverage these hard-coded credentials to gain full remote system control without complex authentication mechanisms.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo