Home

Description

The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could use a specially crafted HTTP request to exploit a buffer overflow on the modem.

PUBLISHED Reserved 2024-06-20 | Published 2025-04-25 | Updated 2026-02-26 | Assigner ONEKEY




HIGH: 7.7CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Red

Problem types

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Default status
unaffected

Any version before 3.8.0.4
affected

Default status
unaffected

Any version before 3.8.0.4
affected

Default status
unaffected

Any version before 3.8.0.4
affected

Default status
unaffected

Any version
affected

Default status
unaffected

Any version
affected

Default status
unaffected

Any version
affected

Default status
unaffected

Any version
affected

Default status
unaffected

Any version
affected

Default status
unaffected

Any version
affected

Timeline

2024-05-13:Initial coordinated vulnerability disclosure request
2024-05-28:Report sent to ViaSat
2024-06-19:Call between ViaSat and ONEKEY for vulnerability assessment
2025-04-25:Coordinated disclosure by ONEKEY and Viasat

Credits

Quentin Kaiser from ONEKEY Research Labs finder

References

www.onekey.com/...dvisory-rce-on-viasat-modems-cve-2024-6198 third-party-advisory technical-description

cve.org (CVE-2024-6198)

nvd.nist.gov (CVE-2024-6198)

Download JSON