Cyber Resilience

CVE-2023-53983

CriticalPublic PoC

Published: 30 December 2025

Published
30 December 2025
Modified
16 January 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0058 43.1th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2023-53983 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Ateme Flamingo Xl Firmware. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001); ranked at the 43.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2023-53983 is a critical vulnerability in Anevia Flamingo XL/XS version 3.6.20, stemming from weak default administrative credentials that are hard-coded and easily guessable, classified under CWE-798 (Use of Hard-coded Credentials). This flaw allows attackers to bypass authentication mechanisms entirely. The vulnerability received a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete compromise.

Remote attackers require no privileges, special access, or user interaction to exploit this issue over the network with low complexity. Successful exploitation grants full remote system control, enabling unauthorized access to confidential data, modification of system integrity, and disruption of availability.

Advisories detailing mitigation are available in references such as the VulnCheck advisory (https://www.vulncheck.com/advisories/anevia-flamingo-xlxs-default-credentials-authentication-bypass), Packet Storm report (https://packetstormsecurity.com/files/172875/Anevia-Flamingo-XL-XS-3.6.x-Default-Hardcoded-Credentials.html), CXSecurity (https://cxsecurity.com/issue/WLB-2023060019), IBM X-Force Exchange (https://exchange.xforce.ibmcloud.com/vulnerabilities/259059), and the vendor site (https://www.ateme.com/). Practitioners should consult these for patch availability or credential change guidance.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with weak default administrative credentials that can be easily guessed. Attackers can leverage these hard-coded credentials to gain full remote system control without complex authentication mechanisms.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Hard-coded default credentials enable use of default accounts (T1078.001); vulnerability in public-facing application allows remote exploitation (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-10850Shared CWE-798
CVE-2024-8893Shared CWE-798
CVE-2024-57040Shared CWE-798
CVE-2026-25202Shared CWE-798
CVE-2025-67418Shared CWE-798
CVE-2025-9497Shared CWE-798
CVE-2026-3873Shared CWE-798
CVE-2026-22769Shared CWE-798
CVE-2026-1221Shared CWE-798
CVE-2022-50696Shared CWE-798

Affected Assets

ateme
flamingo xl firmware
3.2.9, 3.6.20
ateme
flamingo xs firmware
3.2.9, 3.6.20
ateme
soaplive
2.0.3, 2.4.1
ateme
soapsystem
1.3.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

IA-5 requires managing authenticators to ensure sufficient strength of mechanism and proper initial content, directly preventing exploitation of weak, hard-coded default administrative credentials.

prevent

AC-2 mandates comprehensive account management including creation, modification, review, and disabling of privileged accounts to eliminate or secure default credentials.

prevent

SI-2 requires timely flaw remediation, such as applying vendor patches or changing hard-coded credentials as advised, to correct this specific vulnerability.

References