Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-6199
PUBLISHED
More InfoOfficial Page
Assigner-ONEKEY
Assigner Org ID-2d533b80-6e4a-4e20-93e2-171235122846
View Known Exploited Vulnerability (KEV) details
Published At-25 Apr, 2025 | 13:02
Updated At-25 Apr, 2025 | 14:25
Rejected At-
▼CVE Numbering Authority (CNA)
Unauthenticated Remote Code Execution

An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem are not vulnerable.

Affected Products
Vendor
ViaSat
Product
RM5110
Modules
  • DDNS
Default Status
unaffected
Versions
Affected
  • From 0 through 4.3.0.2 (semver)
Vendor
ViaSat
Product
RM5111
Modules
  • DDNS
Default Status
unaffected
Versions
Affected
  • From 0 through 4.3.0.2 (semver)
Vendor
Viasat
Product
RG1100
Modules
  • DDNS
Default Status
unaffected
Versions
Affected
  • From 0 through 4.3.0.2 (semver)
Vendor
Viasat
Product
EG1000
Default Status
unaffected
Versions
Affected
  • From 0 through 4.3.0.2 (semver)
Vendor
Viasat
Product
EG1020
Default Status
unaffected
Versions
Affected
  • From 0 through 4.3.0.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Type: CWE
CWE ID: CWE-120
Description: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Metrics
VersionBase scoreBase severityVector
4.07.7HIGH
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:M/U:Red
Version: 4.0
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:M/U:Red
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100 Overflow Buffers
CAPEC ID: CAPEC-100
Description: CAPEC-100 Overflow Buffers
Solutions

A patch has been deployed by Viasat through the auto-update mechanism. Make sure you're running on a version above 4.3.0.2 to validate that your modem was updated.

Configurations

Dynamic DNS feature must be enabled for the modem to be vulnerable.

Workarounds

Disable Dynamic DNS on your modem.

Exploits
Credits
finder
Quentin Kaiser from ONEKEY Research Labs
Timeline
EventDate
Initial coordinated vulnerability disclosure request2024-05-13 09:13:00
Report sent to ViaSat2024-12-05 13:06:00
Call between ViaSat and ONEKEY for vulnerability assessment2024-06-19 14:00:00
Coordinated disclosure by ONEKEY and Viasat2025-04-25 13:00:00
Event: Initial coordinated vulnerability disclosure request
Date: 2024-05-13 09:13:00
Event: Report sent to ViaSat
Date: 2024-12-05 13:06:00
Event: Call between ViaSat and ONEKEY for vulnerability assessment
Date: 2024-06-19 14:00:00
Event: Coordinated disclosure by ONEKEY and Viasat
Date: 2025-04-25 13:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6199
third-party-advisory
technical-description
Hyperlink: https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6199
Resource:
third-party-advisory
technical-description
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found