CVE-2024-7490 Remote Code Execution in Advanced Software Framework DHCP server

🗓️ 08 Aug 2024 15:01:09Reported by MicrochipType

CVE-2024-7490 Remote Code Execution in Advanced Software Framework DHCP server due to Improper Input Validatio

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2024-7490	8 Aug 202418:04	–	circl
CNNVD	Microchip Advanced Software Framework 安全漏洞	8 Aug 202400:00	–	cnnvd
CVE	CVE-2024-7490	8 Aug 202415:01	–	cve
EUVD	EUVD-2024-48404	3 Oct 202520:07	–	euvd
NVD	CVE-2024-7490	8 Aug 202415:15	–	nvd
Positive Technologies	PT-2024-38380 · Microchip Technology · Microchip Advanced Software Framework	8 Aug 202400:00	–	ptsecurity
The Hacker News	Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk	23 Sep 202409:58	–	thn
CERT	A stack-based overflow vulnerability exists in the Microchip Advanced Software Framework (ASF) implementation of the tinydhcp server	19 Sep 202400:00	–	cert
Vulnrichment	CVE-2024-7490 Remote Code Execution in Advanced Software Framework DHCP server	8 Aug 202415:01	–	vulnrichment

[
  {
    "collectionURL": "https://gallery.microchip.com/packages/4CE20911-D794-4550-8B94-6C66A93228B8/",
    "defaultStatus": "affected",
    "modules": [
      "network"
    ],
    "packageName": "lwip",
    "product": "Advanced Software Framework",
    "programFiles": [
      "tinydhcpserver.c"
    ],
    "programRoutines": [
      {
        "name": "lwip_dhcp_find_option"
      }
    ],
    "repo": "https://savannah.nongnu.org/projects/lwip/",
    "vendor": "Microchip Techology",
    "versions": [
      {
        "lessThanOrEqual": "3.52.0.2574",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
microchip	www.microchip.com/en-us/tools-resources/develop/libraries/advanced-software-framework

29 Aug 2025 20:23Current

CVSS 49.5

EPSS0.11734

CWE-120