CVE-2024-7490 CRITICAL

CVE-2024-7490: Remote Code Execution in Advanced Software Framework DHCP server

Vendor Microchip Techology
Product Advanced Software Framework
Weakness CWE-120
Published August 8, 2024
Last update August 29, 2025

CVSS base score

9.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.

Key dates

02Disclosure timeline

August 8, 2024 CVE published
August 29, 2025 Record updated