nvd-json-data-feeds/CVE-2024/CVE-2024-61xx/CVE-2024-6199.json

{
  "id": "CVE-2024-6199",
  "sourceIdentifier": "research@onekey.com",
  "published": "2025-04-25T13:15:43.510",
  "lastModified": "2025-04-29T13:52:28.490",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS\u00a0services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem.\n\nCustomers that have not enabled Dynamic DNS on their modem are not vulnerable."
    },
    {
      "lang": "es",
      "value": "Un atacante no autenticado en la interfaz WAN, capaz de interceptar el tr\u00e1fico de DNS din\u00e1mico (DDNS) entre los servicios DDNS y el m\u00f3dem, podr\u00eda manipular respuestas espec\u00edficas para incluir c\u00f3digo que provoque un desbordamiento de b\u00fafer en el m\u00f3dem. Los clientes que no tienen habilitado el DNS din\u00e1mico en su m\u00f3dem no son vulnerables."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "research@onekey.com",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:M/U:Red",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "attackVector": "ADJACENT",
          "attackComplexity": "HIGH",
          "attackRequirements": "PRESENT",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "subAvailabilityImpact": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirement": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "availabilityRequirement": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "Safety": "NEGLIGIBLE",
          "Automatable": "NO",
          "Recovery": "USER",
          "valueDensity": "DIFFUSE",
          "vulnerabilityResponseEffort": "MODERATE",
          "providerUrgency": "RED"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "research@onekey.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6199",
      "source": "research@onekey.com"
    }
  ]
}