CVE-2024-6199

HIGH EPSS 6.3%

Published Apr 25, 20251y ago · Modified Jun 17, 20261w ago

7.7 CVSS 4.0

High

Published Apr 25, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem are not vulnerable.

CVSS Details

Base Score

7.7

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:M/U:Red

Attack Vector Adjacent

Attack Complexity High

Privileges Required None

User Interaction None

Scope N

Threat Intelligence

EPSS Exploit Probability

6.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-120

References 1

onekey.com https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6199

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.