CVE-2024-58338 HIGH

CVE-2024-58338: Anevia Flamingo XL 3.2.9 Remote Root Jailbreak via Traceroute Command

Vendor Ateme

Product Flamingo XL

Weakness CWE-78

Published December 30, 2025

Last update March 5, 2026

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the restricted login environment.

Key dates

02Disclosure timeline

December 30, 2025 CVE published

March 5, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-58338 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

CVE-2024-58338: Anevia Flamingo XL 3.2.9 Remote Root Jailbreak via Traceroute Command

01Description

02Disclosure timeline

03References

04Related CVE