Critical Vulnerability Information Vulnerability Name: Anevia Flamingo XL 3.2.9 - Remote Root Jailbreak EDB-ID: 51516 CVE: N/A Author: LIQUIDWORM Type: REMOTE Platform: HARDWARE Date: 2023-06-14 Affected Version: 3.2.9 Hardware Version: 1.0 SoapLive Version: 2.0.3 Vulnerability Description Flamingo XL is a new modular and high-density IPTV backend product designed for the hotel and enterprise markets. Flamingo XL captures live TV and broadcast content from satellite, cable, digital terrestrial, and analog sources, then streams it over an IP network to STBs, PCs, or other IP-connected devices. Flamingo XL is based on a modular 4U rack-mounted hardware platform, enabling hotel and enterprise video service providers to deliver hybrid channels from various sources over an internal IP network. Vulnerability Discoverer Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID and URL ID: ZSL-2023-5780 URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5780.php Vulnerability Details Test Command: Command Prompt: Available Commands: bonding, config, date, dns, enable, ethconfig, exit, exp, firewall, help, hostname, http, igmpq, imp, ipconfig, license, log, mail, passwd, persistent_logs, ping, reboot, reset, route, serial, settings, sslconfig, tcpdump, timezone, traceroute, upgrade, uptime, version, vlanconfig File System and Directory Structure: Lists files and permissions in directories such as , , etc. Conclusion This vulnerability allows remote attackers to gain root access via SSH and execute various commands, thereby achieving full control over the device.