2362311 – (CVE-2024-6198) CVE-2024-6198 Viasat firmware: SNORE Interface Unauthenticated Remote Code Execution

Bug 2362311 (CVE-2024-6198) - CVE-2024-6198 Viasat firmware: SNORE Interface Unauthenticated Remote Code Execution

Summary: CVE-2024-6198 Viasat firmware: SNORE Interface Unauthenticated Remote Code Ex...

Keywords:
Status:	NEW
Alias:	CVE-2024-6198
Product:	Security Response
Classification:	Other
Component:	vulnerability-draft
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-04-25 14:01 UTC by OSIDB Bzimport
Modified:	2025-09-12 18:00 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-04-25 14:01:22 UTC

The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker
with access to the LAN network interface could use a specially crafted HTTP request to exploit a buffer overflow on the modem.

Note You need to log in before you can comment on or make changes to this bug.