CVE-2024-6198

Summary

The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could use a specially crafted HTTP request to exploit a buffer overflow on the modem.

Affected Software

VendorProductVersion RangeStatus
ViaSatRM41000 < 3.8.0.4affected
ViasatRM42000 < 3.8.0.4affected
ViasatEM41000 < 3.8.0.4affected
ViasatRM51100 <= 4.3.0.1affected
ViasatRM51110 <= 4.3.0.1affected
ViasatRG10000 <= 4.3.0.1affected
ViasatRG11000 <= 4.3.0.1affected
ViasatEG10000 <= 4.3.0.1affected
ViasatEG10200 <= 4.3.0.1affected

Weaknesses

  • CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References