MicrochipVULNRICHMENT:CVE-2024-7490CVE-2024-7490 Remote Code Execution in Advanced Software Framework DHCP server
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
AI Score
Confidence
High
EPSS
Percentile
39.1%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow.
This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option.
This issue affects Advanced Software Framework: through 3.52.0.2574.
ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.
CNA Affected
[
{
"repo": "https://savannah.nongnu.org/projects/lwip/",
"vendor": "Microchip Techology",
"modules": [
"network"
],
"product": "Advanced Software Framework",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "3.52.0.2574"
}
],
"packageName": "lwip",
"programFiles": [
"tinydhcpserver.c"
],
"collectionURL": "https://gallery.microchip.com/packages/4CE20911-D794-4550-8B94-6C66A93228B8/",
"defaultStatus": "affected",
"programRoutines": [
{
"name": "lwip_dhcp_find_option"
}
]
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:a:microchip:advanced_software_framework:*:*:*:*:*:*:*:*"
],
"vendor": "microchip",
"product": "advanced_software_framework",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "3.52.0.2574"
}
],
"defaultStatus": "affected"
}
]
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
AI Score
Confidence
High
EPSS
Percentile
39.1%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total