Microchip Technology Advanced Software Framework Vulnerable to Remote Code Execution Through Improper Input Validation
CVE-2024-7490
What is CVE-2024-7490?
The vulnerability arises from improper input validation within the Advanced Software Framework's example DHCP server, specifically in program files such as tinydhcpserver.C and functions like lwip_dhcp_find_option. This security flaw permits a potential remote code execution through a buffer overflow, posing significant risks to systems employing this framework for their DHCP services. It is critical to note that the Advanced Software Framework is no longer supported; therefore, users are encouraged to implement the suggested workarounds or transition to an actively maintained software framework to mitigate any risks associated with this vulnerability.
Affected Version(s)
Advanced Software Framework 0 <= 3.52.0.2574
News Articles
The Cyber ExpressCVE-2024-7490Critical Microchip Vulnerability In Advanced Software Framework
CERT/CC warns of a Microchip vulnerability (CVE-2024-7490) causing a stack-based overflow that may enable remote code execution in affected devices.
The Hacker NewsCVE-2024-7490Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk
Severe vulnerabilities in Microchip ASF and MediaTek Wi-Fi chipsets expose IoT devices to remote code execution risks. No fix for CVE-2024-7490.
References
CVSS V3.1
Timeline
- đź“°
First article discovered by The Hacker News
Vulnerability published