Viasat Modems Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in Viasat RM5110, RM5111, RG1100, EG1000, and EG1020 modems, all running versions through 4.3.0.2. The vulnerability allows an unauthenticated attacker on the WAN interface to intercept and manipulate Dynamic DNS (DDNS) traffic, causing a buffer overflow on the modem. This issue affects customers who have enabled DDNS on their modem.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected modem.

Reproduction

The vulnerability can be reproduced by intercepting HTTP responses from DDNS servers (such as dyndns or tzo) and modifying them to include more data than the 'public_ip' buffer can handle. This leads to a stack buffer overflow, which can be exploited to execute arbitrary code on the device.

Remediation

Customers should ensure their devices are online to receive the automated update from Viasat. After the update, verify the device is running version 4.3.0.3 using the administrative interface.