CVE-2024-6198

Vulnerability Description

The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could use a specially crafted HTTP request to exploit a buffer overflow on the modem.

Related Weaknesses (CWE)

CWE-120

References

https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-

FAQ

What is CVE-2024-6198?

CVE-2024-6198 is a documented vulnerability. The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnera...

How severe is CVE-2024-6198?

CVSS scoring is not yet available for CVE-2024-6198. Check NVD for updates.

Is there a patch for CVE-2024-6198?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.