CVE-2024-6199

Vulnerability Description

An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem are not vulnerable.

Related Weaknesses (CWE)

CWE-120

References

https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-

FAQ

What is CVE-2024-6199?

CVE-2024-6199 is a documented vulnerability. An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and the modem, could manipulate specific responses to include code that...

How severe is CVE-2024-6199?

CVSS scoring is not yet available for CVE-2024-6199. Check NVD for updates.

Is there a patch for CVE-2024-6199?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.