Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk
2024-09-23 09:58
A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0. It has been described as a stack-based overflow vulnerability in ASF's implementation of the tinydhcp server stemming from a lack of
News URL
https://thehackernews.com/2024/09/critical-flaw-in-microchip-asf-exposes.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-08 | CVE-2024-7490 | Classic Buffer Overflow vulnerability in Microchip Advanced Software Framework. Improper Input Validation vulnerability in Microchip Technology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. | 9.8 |