Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

September 23, 2024 at 06:49AM A critical vulnerability (CVE-2024-7490) in Microchip Advanced Software Framework (ASF) could lead to remote code execution, impacting ASF 3.52.0.2574 and earlier versions. No fixes or mitigations are available, except replacing the tinydhcp service. Additionally, SonicWall detailed a severe zero-click vulnerability (CVE-2024-20017) in MediaTek Wi-Fi chipsets, with a patch released in … Read more

Zero-Click MediaTek Bug Opens Phones, Wi-Fi to Takeover

September 20, 2024 at 02:30PM A zero-click vulnerability in MediaTek Wi-Fi chipsets and driver bundles used in routers and smartphones, including those from Ubiquiti, Xiaomi, and Netgear, poses a critical risk, enabling remote code execution without user interaction. A public proof-of-concept exploit is available, so affected users should apply available MediaTek patches promptly. The vulnerability … Read more

New 5Ghoul attack impacts 5G phones with Qualcomm, MediaTek chips

December 8, 2023 at 10:25AM A new set of 5G modem vulnerabilities, collectively known as “5Ghoul,” impact 710 5G smartphone models from Google partners and Apple, as well as routers and USB modems. Discovered by researchers, these vulnerabilities can lead to disruptions and network downgrades, posing a risk to security. Qualcomm and MediaTek have released … Read more