PT-2025-17902 · Lighttpd+1
Quentin Kaiser · Published 2025-04-25 · Updated 2025-05-20 · CVE-2024-6198
CVSS v4.0: 7.7 (High)
Vector: AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Red
Name of the Vulnerable Software and Affected Versions
Viasat modems (affected versions not specified)
Description
The device exposes a web interface on ports TCP/3030 and TCP/9882, running lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could use a specially crafted HTTP request to exploit a buffer overflow on the modem. The vulnerability can lead to remote code execution and denial of service.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
RCE
Buffer Overflow
Affected Products
Viasat Modems
Lighttpd