A critical flaw in Microchip ASF exposes IoT devices to the risk of remote code execution



September 23, 2024Ravi LakshmananIoT Security / Vulnerability


A critical security flaw has been discovered in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution.

The vulnerability, tracked as CVE-2024-7490, has a CVSS score of 9.5 out of a maximum of 10.0. It has been described as a stack overflow vulnerability in the ASF implementation of the tinydhcp server that results from a lack of proper input validation.

“A vulnerability exists in all publicly available examples of the ASF codebase that allows a specially crafted DHCP request to cause a stack overflow that could lead to remote code execution,” the CERT Coordination Center (CERT/CC) said in an advisory.


Given that the software is no longer supported and is based on IoT-focused code, CERT/CC warns that the vulnerability is “likely to appear in many places in the wild.”

The problem affects ASF 3.52.0.2574 and all previous versions of the software, with the agency also noting that several forks of the tinydhcp software are likely to be susceptible to the flaw as well.

There are currently no fixes or mitigations to address CVE-2024-7490, other than replacing the tinydhcp service with another that does not have the same problem.

The development comes after SonicWall Capture Labs detailed a serious zero-click vulnerability affecting MediaTek Wi-Fi chipsets (CVE-2024-20017, CVSS score: 9.8), which can open the door to remote code execution without the need for user interaction due to an out-of-bounds write issue.

“Affected versions include MediaTek SDK version 7.4.0.1 and earlier, as well as OpenWrt 19.07 and 21.02,” the company said. “This means a large number of vulnerable devices, including routers and smartphones.”


“The vulnerability is a buffer overflow resulting from a length value taken directly from attacker-controlled packet data without bounds checking and placed in a memory copy. This buffer overflow creates an out-of-bounds write.”

MediaTek released a patch for the vulnerability in March 2024, although the likelihood of exploitation has increased with the public availability of a proof-of-concept (PoC) exploit as of August 30, 2024.
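
Both flaws above come down to a length field from packet data reaching a memory copy unchecked. The following is an added example, not code from ASF, tinydhcp or the MediaTek SDK, showing the two bounds checks that close that pattern. It assumes the DHCP option layout of one code byte, one length byte, then the value; the function names and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_PAD 0
#define OPT_END 255

/* Copy the value of option `want` from a code/length/value list into out.
 * Returns the value length, or -1 if absent, malformed, or too large. */
int get_option(const uint8_t *opts, size_t opts_len, uint8_t want,
               uint8_t *out, size_t out_cap)
{
    size_t i = 0;
    while (i < opts_len) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;
        if (code == OPT_END) break;
        if (i >= opts_len) return -1;        /* length byte is missing */
        uint8_t len = opts[i++];             /* sender-controlled value */
        if (len > opts_len - i) return -1;   /* value runs past the packet */
        if (code == want) {
            /* Unsafe pattern: memcpy(out, &opts[i], len) with no check. */
            if (len > out_cap) return -1;    /* value exceeds destination */
            memcpy(out, &opts[i], len);
            return (int)len;
        }
        i += len;
    }
    return -1;
}

/* Constructed sample option lists (not captured traffic). */
static const uint8_t ok_opts[]    = {53, 1, 3, 12, 4, 'h', 'o', 's', 't', 255};
static const uint8_t trunc_opts[] = {12, 200, 'A', 'A', 255}; /* len > packet */
static uint8_t big_opts[2 + 32 + 1] = {12, 32};               /* len > buffer */

/* Look up option 12 (host name) into a 16-byte stack buffer. */
int host_name_len(const uint8_t *opts, size_t n)
{
    uint8_t host[16];
    return get_option(opts, n, 12, host, sizeof host);
}

int main(void)
{
    printf("%d %d %d\n", host_name_len(ok_opts, sizeof ok_opts),
           host_name_len(trunc_opts, sizeof trunc_opts),
           host_name_len(big_opts, sizeof big_opts));
    return 0;
}
```

The first check rejects a length that claims more bytes than the packet holds; the second rejects a value that is present in full but larger than the fixed destination buffer.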
