A critical flaw in Microchip ASF exposes IoT devices to the risk of remote code execution

September 23, 2024Ravi LakshmananIoT Security / Vulnerability

A critical security flaw has been discovered in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution.

The vulnerability, tracked as CVE-2024-7490, has a CVSS score of 9.5 out of a maximum of 10.0. It has been described as a stack overflow vulnerability in the ASF implementation of the tinydhcp server that results from a lack of proper input validation.

“A vulnerability exists in all publicly available examples of the ASF codebase that allows a specially crafted DHCP request to cause a stack overflow that could lead to remote code execution,” the CERT Coordination Center (CERT/CC) said in an advisory.

Given that the software is no longer supported and is based on IoT-focused code, CERT/CC warns that the vulnerability is “likely to appear in many places in the wild.”

The problem affects ASF 3.52.0.2574 and all previous versions of the software. The agency also noted that several forks of the tinydhcp software are likely to be susceptible to the flaw.

There are currently no fixes or mitigations to address CVE-2024-7490, other than replacing the tinydhcp service with another that does not have the same problem.

The development comes after SonicWall Capture Labs detailed a serious zero-click vulnerability affecting MediaTek Wi-Fi chipsets (CVE-2024-20017, CVSS 9.8), which can open the door to remote code execution without the need for user interaction due to an out-of-bounds write issue.

“Affected versions include MediaTek SDK version 7.4.0.1 and earlier, as well as OpenWrt 19.07 and 21.02,” the company said in a statement. “This means a large number of vulnerable devices, including routers and smartphones.”

“The vulnerability is a buffer overflow resulting from a length value taken directly from attacker-controlled packet data without bounds checking and placed in a memory copy. This buffer overflow creates an out-of-bounds write.”

A patch for the vulnerability was released by MediaTek in March 2024, although the likelihood of exploitation has increased with the public availability of a proof-of-concept (PoC) exploit as of August 30, 2024.
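Both flaws come down to a length field from the network reaching a memory copy unchecked. The following is an added example, not code from ASF, tinydhcp or the MediaTek SDK: a DHCP option reader that validates the option length against both the packet and the destination buffer. The function name, return codes and sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { OPT_PAD = 0, OPT_HOSTNAME = 12, OPT_END = 255 };

/* Hypothetical helper (not ASF or MediaTek code): copy the value of option
 * `want` out of a DHCP options area laid out as code/length/value triples.
 * Returns the value length, -1 if the option is absent, -2 if malformed
 * or larger than the destination. */
int dhcp_get_option(const uint8_t *opts, size_t opts_len, uint8_t want,
                    uint8_t *dst, size_t dst_cap)
{
    size_t i = 0;
    while (i < opts_len) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;
        if (code == OPT_END) break;
        if (i >= opts_len) return -2;       /* length byte is missing */
        size_t len = opts[i++];             /* sender-controlled, 0..255 */
        if (len > opts_len - i) return -2;  /* value runs past the packet */
        if (code == want) {
            /* The check an unvalidated copy omits: the length from the
             * packet must also fit the fixed-size destination. */
            if (len > dst_cap) return -2;
            memcpy(dst, &opts[i], len);
            return (int)len;
        }
        i += len;
    }
    return -1;
}

/* Constructed inputs, not captured traffic. */
int demo_valid(void) {
    const uint8_t o[] = { 53, 1, 1, OPT_HOSTNAME, 4, 'n', 'o', 'd', 'e', OPT_END };
    uint8_t name[16];
    return dhcp_get_option(o, sizeof o, OPT_HOSTNAME, name, sizeof name);
}
int demo_oversized(void) {   /* option claims 200 bytes, buffer holds 16 */
    uint8_t o[203] = { OPT_HOSTNAME, 200 }, name[16];
    memset(o + 2, 'A', 200);
    o[202] = OPT_END;
    return dhcp_get_option(o, sizeof o, OPT_HOSTNAME, name, sizeof name);
}
int main(void) {
    return !(demo_valid() == 4 && demo_oversized() == -2);
}
```

The oversized option is well-formed with respect to the packet, so only the comparison against the destination capacity stops the copy.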
