CVE-2024-6198

The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements theSNORE interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker
with access to the LAN network interface could use a specially crafted HTTP request to exploit a buffer overflow on themodem.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
ONEKEYCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Common Weakness Enumeration
References
https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6198