CVE-2024-7490

CRITICAL EPSS 68.6%

Published Aug 8, 20241y ago · Modified Jun 17, 20261w ago

9.5 CVSS 4.0

Critical

Published Aug 8, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.

CVSS Details

Base Score

9.5

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

68.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-120

Affected Products 1

Vendor	Product	Version	Range
microchip	advanced_software_framework	*	≤3.52.0.2574

References 2

kb.cert.org https://www.kb.cert.org/vuls/id/138043

Third Party Advisory
microchip.com https://www.microchip.com/en-us/tools-resources/develop/libraries/advanced-software-framework

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.