CVE-2024-6199

An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNSservices and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem.

Customers that have not enabled Dynamic DNS on their modem are not vulnerable.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
ONEKEYCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Common Weakness Enumeration
References
https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6199