ByteOS Network

CVE Vulnerability Details :

CVE-2024-6198

PUBLISHED

More Info Official Page

Assigner-ONEKEY

Assigner Org ID-2d533b80-6e4a-4e20-93e2-171235122846

Published At-25 Apr, 2025 | 13:02

Updated At-26 Feb, 2026 | 18:28

▼CVE Numbering Authority (CNA)

SNORE Interface Unauthenticated Remote Code Execution

The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could use a specially crafted HTTP request to exploit a buffer overflow on the modem.

Affected Products

Vendor

ViaSat

Product

RM4100

Default Status

unaffected

Versions

Affected

From 0 before 3.8.0.4 (semver)

Vendor

Viasat

Product

RM4200

Default Status

unaffected

Versions

Affected

From 0 before 3.8.0.4 (semver)

Vendor

Viasat

Product

EM4100

Default Status

unaffected

Versions

Affected

From 0 before 3.8.0.4 (semver)

Vendor

Viasat

Product

RM5110

Default Status

unaffected

Versions

Affected

From 0 through 4.3.0.1 (semver)

Vendor

Viasat

Product

RM5111

Default Status

unaffected

Versions

Affected

From 0 through 4.3.0.1 (semver)

Vendor

Viasat

Product

RG1000

Default Status

unaffected

Versions

Affected

From 0 through 4.3.0.1 (semver)

Vendor

Viasat

Product

RG1100

Default Status

unaffected

Versions

Affected

From 0 through 4.3.0.1 (semver)

Vendor

Viasat

Product

EG1000

Default Status

unaffected

Versions

Affected

From 0 through 4.3.0.1 (semver)

Vendor

Viasat

Product

EG1020

Default Status

unaffected

Versions

Affected

From 0 through 4.3.0.1 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-120	CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Type: CWE

CWE ID: CWE-120

Description: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Metrics

Version	Base score	Base severity	Vector
4.0	7.7	HIGH	CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Red

Version: 4.0

Base score: 7.7

Base severity: HIGH

Vector:

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Red

Impacts

CAPEC ID	Description
CAPEC-100	CAPEC-100 Overflow Buffers

CAPEC ID: CAPEC-100

Description: CAPEC-100 Overflow Buffers

Solutions

Make sure your devices are online so they can receive the automated update from Viasat. Make sure your device received the update by getting the running version using the administrative interface.

Credits

finder

Quentin Kaiser from ONEKEY Research Labs

Timeline

Event	Date
Initial coordinated vulnerability disclosure request	2024-05-13 09:13:00
Report sent to ViaSat	2024-05-28 07:15:00
Call between ViaSat and ONEKEY for vulnerability assessment	2024-06-19 14:00:00
Coordinated disclosure by ONEKEY and Viasat	2025-04-25 13:00:00

Event: Initial coordinated vulnerability disclosure request

Date: 2024-05-13 09:13:00

Event: Report sent to ViaSat

Date: 2024-05-28 07:15:00

Event: Call between ViaSat and ONEKEY for vulnerability assessment

Date: 2024-06-19 14:00:00

Event: Coordinated disclosure by ONEKEY and Viasat

Date: 2025-04-25 13:00:00

References

Hyperlink	Resource
https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6198	third-party-advisory technical-description

Hyperlink: https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6198

Resource:

third-party-advisory

technical-description

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References