Analysis Summary

A critical security flaw has been identified in the Microchip Advanced Software Framework (ASF), designated as CVE-2024-7490, with a high CVSS score of 9.5 out of 10. This vulnerability, found in ASF's implementation of the tinydhcp server is a stack-based buffer overflow due to improper input validation when processing specially crafted DHCP requests.

If exploited, this flaw could lead to remote code execution (RCE), a severe threat for IoT devices where this software is often implemented. Despite the gravity of the flaw, no patches or mitigations are currently available making systems using the tinydhcp service vulnerable unless the service is replaced.

Researchers have raised alarms that the vulnerability exists in all versions of ASF up to 3.52.0.2574 and warn that it is likely to be discovered in various systems due to the widespread use of IoT-centric codebases. This concern is compounded by the fact that ASF is no longer supported leaving many systems exposed to the threat. They also highlight that forks of the tinydhcp software may share the same vulnerability, broadening the scope of the potential impact.

In a related development, researchers have disclosed another severe vulnerability affecting MediaTek Wi-Fi chipsets, tracked as CVE-2024-20017. This vulnerability, which has a CVSS score of 9.8, allows for remote code execution via a zero-click attack meaning no user interaction is required for exploitation. The issue stems from a buffer overflow caused by an out-of-bounds write, occurring when a length value from attacker-controlled packet data is mishandled. Affected versions include MediaTek SDK versions 7.4.0.1 and earlier and OpenWrt versions 19.07 and 21.02, impacting a wide array of devices such as routers and smartphones.

While MediaTek released a patch for CVE-2024-20017 in March 2024, the threat of exploitation has risen with the publication of a proof-of-concept (PoC) exploit on August 30, 2024. This underscores the urgency for users to update their systems particularly as the vulnerability targets a large number of devices commonly used in consumer and enterprise environments. The combination of these vulnerabilities highlights the persistent risk of RCE in networking components and IoT ecosystems emphasizing the need for vigilance and timely patching.

Impact

• Buffer Overflow
• Privilege Escalation
• Remote Code Execution

Indicators of Compromise

CVE

• CVE-2024-7490

Affected Vendors

Affected Products

• Microchip Techology Advanced Software Framework - 3.52.0.2574

Remediation

• If possible, replace the tinydhcp server within the ASF implementation with a different DHCP server that is not affected by this vulnerability.
• As a temporary measure, disable the tinydhcp service if it is not essential for your system's functionality.
• Organizations must test their assets for the vulnerability mentioned above and apply the available security patch or mitigation steps as soon as possible.
• Implement multi-factor authentication to add an extra layer of security to login processes.
• Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
• Organizations must stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
• Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
• Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
• Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
• Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
• Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
• Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.