Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-7490— Remote Code Execution in Advanced Software Framework DHCP server

EPSS 11.73% · P94
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-7490

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Remote Code Execution in Advanced Software Framework DHCP server
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microchip Advanced Software Framework 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microchip Advanced Software Framework是美国微芯(Microchip)公司的一款应用于微处理器嵌入式开发的代码库。该代码库通过驱动程序和高价值中间件为硬件提供抽象,从而简化了微控制器的使用。 Microchip Advanced Software Framework 3.52.0.2574及之前版本存在安全漏洞,该漏洞源于DHCP服务器中存在不正确的输入验证漏洞,从而可通过缓冲区溢出导致远程代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Microchip TechologyAdvanced Software Framework 0 ~ 3.52.0.2574 -

II. Public POCs for CVE-2024-7490

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-7490

登录查看更多情报信息。

IV. Related Vulnerabilities

Same weakness: CWE-120

V. Comments for CVE-2024-7490

No comments yet

Leave a comment