Microchip Technology Advanced Software Framework Vulnerable to Remote Code Execution Through Improper Input Validation
CVE-2024-7490

9.5 CRITICAL

Key Information:

Vendor
CVE Published:
8 August 2024

Badges

🟣 EPSS 11% 📰 News Worthy

What is CVE-2024-7490?

The vulnerability arises from improper input validation in the Advanced Software Framework's example DHCP server, specifically in program files such as tinydhcpserver.C and functions such as lwip_dhcp_find_option. The flaw can allow remote code execution through a buffer overflow, which poses a significant risk to systems that use this framework for their DHCP services. The Advanced Software Framework is no longer supported, so users are encouraged to implement the suggested workarounds or move to an actively maintained software framework to mitigate the risk.
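The kind of input validation the description above refers to, as an added example (not code from ASF or from this page, which does not show the affected source): a DHCP option lookup that checks every option length against the received buffer and against the destination size before copying. The function names, return codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DHCP_OPT_PAD 0u
#define DHCP_OPT_END 255u

/* Hypothetical helper, not ASF's lwip_dhcp_find_option: find option `code`
 * in an options area of `opts_len` bytes. Returns a pointer to the value and
 * sets *out_len, or NULL if the option is absent or the area is malformed. */
const uint8_t *find_option_checked(const uint8_t *opts, size_t opts_len,
                                   uint8_t code, uint8_t *out_len)
{
    size_t i = 0;
    while (i < opts_len) {
        uint8_t tag = opts[i];
        if (tag == DHCP_OPT_END) return NULL;        /* end marker reached */
        if (tag == DHCP_OPT_PAD) { i++; continue; }  /* pad: no length byte */
        if (opts_len - i < 2) return NULL;           /* length byte missing */
        uint8_t len = opts[i + 1];
        if (len > opts_len - i - 2) return NULL;     /* value overruns input */
        if (tag == code) { *out_len = len; return &opts[i + 2]; }
        i += 2u + (size_t)len;                       /* skip tag, len, value */
    }
    return NULL;
}

/* Copy the value into a fixed-size destination only when it fits.
 * Returns the length copied, -1 if absent/malformed, -2 if too large. */
int copy_option_checked(const uint8_t *opts, size_t opts_len, uint8_t code,
                        uint8_t *dst, size_t dst_cap)
{
    uint8_t len = 0;
    const uint8_t *val = find_option_checked(opts, opts_len, code, &len);
    if (val == NULL) return -1;
    if (len > dst_cap) return -2;
    memcpy(dst, val, len);
    return (int)len;
}

/* Constructed sample: message type (53), pad, requested IP (50), end. */
const uint8_t sample_opts[] = { 53, 1, 3, 0, 50, 4, 192, 168, 1, 10, 255 };

int main(void)
{
    uint8_t ip[4];
    return copy_option_checked(sample_opts, sizeof sample_opts, 50, ip, sizeof ip) == 4 ? 0 : 1;
}
```

A length byte that claims more data than the packet holds is rejected during the walk, and a well-formed but oversized value is rejected before the copy into the fixed-size buffer.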

Affected Version(s)

Advanced Software Framework 0 <= 3.52.0.2574

News Articles

Critical Microchip Vulnerability In Advanced Software Framework

CERT/CC warns of a Microchip vulnerability (CVE-2024-7490) causing a stack-based overflow that may enable remote code execution in affected devices.

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

Severe vulnerabilities in Microchip ASF and MediaTek Wi-Fi chipsets expose IoT devices to remote code execution risks. No fix for CVE-2024-7490.

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V4

Score: 9.5
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • 📰

    First article discovered by The Hacker News

  • Vulnerability published

Credit

element55