{"vulnerability": "CVE-2024-7490", "sightings": [{"uuid": "bef0ef36-0cf1-4e33-9346-3620481d6330", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-7490", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/14086", "content": "\u200aCVE-2024-7490: Urgent Warning for IoT Devices Using Microchip ASF, No Patch Available\n\nhttps://securityonline.info/cve-2024-7490-urgent-warning-for-iot-devices-using-microchip-asf-no-patch-available/", "creation_timestamp": "2024-09-23T10:55:29.000000Z"}, {"uuid": "f438dc3c-5c3a-449a-9102-0cb77e9fe7e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-7490", "type": "seen", "source": "Telegram/HiMMqwgJb5x2XsOSrIcMLEp2KfxxGU9G0gqxb9lmzwabzQ", "content": "", "creation_timestamp": "2024-09-23T15:42:39.000000Z"}, {"uuid": "ccb7f41f-d8f4-4091-b7e6-66e8e48e2377", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-7490", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/21198", "content": "The Hacker News\nCritical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk\n\nA critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution.\nThe vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0. It has been described as a stack-based overflow vulnerability in ASF's implementation of the tinydhcp server stemming from a lack of", "creation_timestamp": "2024-09-23T15:42:34.000000Z"}, {"uuid": "15914d0b-2606-4e30-93a0-ed1e3b81b0f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-7490", "type": "published-proof-of-concept", "source": "Telegram/wm4aO1xGzXZzv7mWZD2m03k4547ywxWghH4nrClPgbPUTA", "content": "", "creation_timestamp": "2024-09-23T14:45:53.000000Z"}, {"uuid": "91652929-09af-4917-a705-8364aa15ae5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-7490", "type": "seen", "source": "https://t.me/KomunitiSiber/2611", "content": "Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk\nhttps://thehackernews.com/2024/09/critical-flaw-in-microchip-asf-exposes.html\n\nA critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution.\nThe vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0. It has been described as a stack-based overflow vulnerability in ASF's implementation of the tinydhcp server stemming from a lack of", "creation_timestamp": "2024-09-23T14:42:22.000000Z"}, {"uuid": "41e9ed54-69ef-4573-a557-212d5783c153", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-7490", "type": "seen", "source": "https://t.me/thehackernews/5621", "content": "\ud83d\udea8 Critical flaw (CVE-2024-7490) in Microchip's ASF may allow remote code execution in IoT devices. \n \nCERT/CC\u2019s advisory warns it could be widespread, impacting ASF v3.52.0.2574 and earlier. \n \nRead: https://thehackernews.com/2024/09/critical-flaw-in-microchip-asf-exposes.html", "creation_timestamp": "2024-09-23T12:14:33.000000Z"}, {"uuid": "233659d3-d5a5-483b-b9fd-81aa87dad637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-7490", "type": "seen", "source": "https://t.me/cvedetector/2791", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-7490 - Microchip Technology Advanced Software Framework DHCP Server Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-7490 \nPublished : Aug. 8, 2024, 3:15 p.m. | 35\u00a0minutes ago \nDescription : Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow.  \n This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option.  \n  \nThis issue affects Advanced Software Framework: through 3.52.0.2574. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-08T18:04:28.000000Z"}, {"uuid": "33062e91-cd67-459f-a52f-6a79b08f8313", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-7490", "type": "seen", "source": "https://t.me/ton618cyber/4174", "content": "Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk\n\nSevere vulnerabilities in Microchip ASF and MediaTek Wi-Fi chipsets expose IoT devices to remote code execution risks. No fix for CVE-2024-7490.\n\nthehackernews.com \u2022 Sep 23, 2024", "creation_timestamp": "2024-09-23T14:05:18.000000Z"}, {"uuid": "a933e5db-8fd7-40e3-a03e-ef880a759824", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-7490", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/4416", "content": "The Hacker News\nCritical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk\n\nA critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution.\nThe vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0. It has been described as a stack-based overflow vulnerability in ASF's implementation of the tinydhcp server stemming from a lack of", "creation_timestamp": "2024-09-23T15:42:34.000000Z"}]}