CVE-2024-6199 | THREATINT

Description

An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem are not vulnerable.

PUBLISHED Reserved 2024-06-20 | Published 2025-04-25 | Updated 2025-04-25 | Assigner ONEKEY

HIGH: 7.7CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:M/U:Red

Problem types

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Timeline

2024-05-13:	Initial coordinated vulnerability disclosure request
2024-12-05:	Report sent to ViaSat
2024-06-19:	Call between ViaSat and ONEKEY for vulnerability assessment
2025-04-25:	Coordinated disclosure by ONEKEY and Viasat

Credits

Quentin Kaiser from ONEKEY Research Labs finder

References

www.onekey.com/...dvisory-rce-on-viasat-modems-cve-2024-6199 third-party-advisory technical-description

cve.org (CVE-2024-6199)

nvd.nist.gov (CVE-2024-6199)

Download JSON