Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk
2024-09-23 09:58
A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0. It has been described as a stack-based overflow vulnerability in ASF's implementation of the tinydhcp server stemming from a lack of
News URL
https://thehackernews.com/2024/09/critical-flaw-in-microchip-asf-exposes.html
Related news
- Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications (source)
- OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (source)
- CUPS flaws enable Linux remote code execution, but there’s a catch (source)
- Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution (source)
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-08 | CVE-2024-7490 | Classic Buffer Overflow vulnerability in Microchip Advanced Software Framework: Improper Input Validation vulnerability in Microchip Technology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. | 9.8 |