CVE-2023-53983

Description

Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with weak default administrative credentials that can be easily guessed. Attackers can leverage these hard-coded credentials to gain full remote system control without complex authentication mechanisms.

PUBLISHED Reserved 2025-12-20 | Published 2025-12-30 | Updated 2025-12-30 | Assigner VulnCheck

Problem types

Use of Hard-coded Credentials

Product status

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5777.php (Zero Science Lab Disclosure (ZSL-2023-5777)) third-party-advisory

packetstormsecurity.com/...efault-Hardcoded-Credentials.html (Packet Storm Security Exploit Details) exploit

exchange.xforce.ibmcloud.com/vulnerabilities/259059 (IBM X-Force Vulnerability Exchange Entry) vdb-entry

cxsecurity.com/issue/WLB-2023060019 (CXSecurity Vulnerability Listing) third-party-advisory

www.ateme.com/ (Ateme Vendor Homepage) vendor-advisory

www.vulncheck.com/...fault-credentials-authentication-bypass (VulnCheck Advisory: Anevia Flamingo XL/XS 3.6.20 Default Credentials Authentication Bypass) third-party-advisory

cve.org (CVE-2023-53983)

nvd.nist.gov (CVE-2023-53983)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.