CVE-2024-6198 is a stack-based buffer overflow vulnerability identified in the ViaSat RM4100 modem, specifically affecting its embedded web interface that listens on TCP ports 3030 and 9882. This interface runs the lighttpd web server implementing the SNORE interface, which suffers from insecure path parsing. The vulnerability stems from improper bounds checking during buffer copy operations (CWE-120), allowing an attacker with access to the local area network (LAN) to craft malicious HTTP requests that overflow a stack buffer. This overflow can corrupt memory, potentially enabling remote code execution or causing denial of service conditions. The attack vector requires network-level access to the LAN interface, and the attack complexity is high due to the need for precise request crafting. No authentication or user interaction is required, increasing the risk once the attacker is on the LAN. The CVSS v4.0 base score is 7.7 (high), reflecting the significant impact on confidentiality, integrity, and availability, but mitigated somewhat by the access and complexity requirements. As of the publication date, no patches or known exploits are publicly available, but the vulnerability is recognized by CISA and assigned the CWE-120 classification. This vulnerability poses a critical risk to organizations relying on ViaSat RM4100 devices for satellite internet connectivity, especially in environments where LAN access controls are weak or compromised.

The potential impact of CVE-2024-6198 is substantial for organizations using ViaSat RM4100 modems. Exploitation could allow attackers to execute arbitrary code on the device, leading to full compromise of the modem. This could result in interception or manipulation of network traffic, disruption of internet connectivity, or pivoting to internal networks, severely affecting confidentiality, integrity, and availability. Given the modem's role as a critical network gateway, a successful attack could disrupt business operations, degrade service availability, and expose sensitive data. The requirement for LAN access limits remote exploitation but does not eliminate risk in environments where internal network security is weak or where attackers have gained footholds. The absence of patches increases exposure time, and the lack of known exploits suggests a window for proactive mitigation. Overall, the threat is significant for satellite internet users, government agencies, critical infrastructure providers, and enterprises relying on ViaSat technology.

1. Restrict LAN access to the ViaSat RM4100 modem's web interface by implementing strict network segmentation and firewall rules to limit which devices can communicate on TCP ports 3030 and 9882. 2. Monitor network traffic for unusual or malformed HTTP requests targeting these ports, employing intrusion detection systems (IDS) with signatures for buffer overflow attempts. 3. Disable or restrict the SNORE interface if it is not required for operational purposes to reduce the attack surface. 4. Apply network access control (NAC) solutions to prevent unauthorized devices from connecting to the LAN segment hosting the modem. 5. Engage with ViaSat support channels to obtain firmware updates or patches as they become available and plan for timely deployment. 6. Conduct regular security audits and penetration testing focused on internal network devices to identify and remediate potential access vectors. 7. Educate network administrators about the vulnerability and enforce strict administrative access policies to prevent lateral movement within the LAN. These measures go beyond generic advice by focusing on network-level controls and proactive monitoring specific to the affected services and ports.