CVE-2024-6198

SNORE Interface Unauthenticated Remote Code Execution

Description

The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN interface could use a specially crafted HTTP request to exploit the buffer overflow on the modem.

Remediation

Solution:

  • Make sure your devices are online so they can receive the automated update from Viasat. Confirm that each device received the update by checking the running version in the administrative interface.

Category

CVSS 4.0 score: 7.7 (Severity: High)
EPSS: 0.03%
Third-Party Advisory: onekey.com
Affected: Viasat RM4100
Affected: Viasat RM4200
Affected: Viasat EM4100
Affected: Viasat RM5110
Affected: Viasat RM5111
Affected: Viasat RG1000
Affected: Viasat RG1100
Affected: Viasat EG1000
Affected: Viasat EG1020

References

Frequently Asked Questions

What is the severity of CVE-2024-6198?
CVE-2024-6198 has been scored as a high severity vulnerability.
How to fix CVE-2024-6198?
To fix CVE-2024-6198: Make sure your devices are online so they can receive the automated update from Viasat. Confirm that each device received the update by checking the running version in the administrative interface.
Is CVE-2024-6198 being actively exploited in the wild?
As of now, there is no information confirming that CVE-2024-6198 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-6198?
CVE-2024-6198 affects Viasat RM4100, Viasat RM4200, Viasat EM4100, Viasat RM5110, Viasat RM5111, Viasat RG1000, Viasat RG1100, Viasat EG1000, Viasat EG1020.