Summary: A severe zero-day vulnerability (CVE-2024-6198) in Viasat satellite modem models allows for unauthenticated remote code execution due to a stack buffer overflow in the SNORE web interface. This flaw, discovered by ONEKEY Research Lab, affects devices connected over LAN or OTA interfaces, posing significant risks to sensitive infrastructures. Firmware versions below specific thresholds are vulnerable, but patches are available through automated updates.
Affected: Viasat satellite modems (RM4100, RM4200, EM4100, RM5110, RM5111, RG1000, RG1100, EG1000, EG1020)
Keypoints :
- Vulnerability identified by ONEKEY Research Lab allows unauthenticated remote code execution.
- The flaw is due to unsafe processing of HTTP requests in the SNORE interface’s CGI binary.
- Firmware versions below 3.8.0.4 for specific models and up to 4.3.0.1 for others are vulnerable; patches are available.
Source: https://gbhackers.com/viasat-modems-zero-day-vulnerabilities/