CERT/CC Warns of Unpatched Critical Vulnerability in Microchip ASF

September 23, 2024 at 10:00AM The CERT Coordination Center at Carnegie Mellon University has issued an advisory for a critical flaw in Microchip’s Advanced Software Framework (ASF) that allows remote code execution via specially crafted DHCP requests. The security issue affects ASF 3.52.0.2574 and older versions, with no practical solution other than replacing the vulnerable … Read more

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

September 23, 2024 at 06:49AM A critical vulnerability (CVE-2024-7490) in Microchip Advanced Software Framework (ASF) could lead to remote code execution, impacting ASF 3.52.0.2574 and earlier versions. No fixes or mitigations are available, except replacing the tinydhcp service. Additionally, SonicWall detailed a severe zero-click vulnerability (CVE-2024-20017) in MediaTek Wi-Fi chipsets, with a patch released in … Read more