CVE-2021-32457

CWE-787 — Out-of-bounds Write CWE-269 — Improper Privilege Management5 documents4 sources

Severity

7.8HIGH

EPSS

0.1%

top 66.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Home Network Security Trend Micro Trend Micro Home Network Security

Timeline

PublishedMay 26

Latest updateMay 24

Description

Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to escalate privileges on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/home_network_security6.6.604

▶CVEListV5trend_micro/trend_micro_home_network_security6.6.604 and below

🔴Vulnerability Details

GHSA

GHSA-gc5v-4mhp-vqp4: A privilege escalation vulnerability exists in the tdts↗2022-05-24

▶

CVEList

CVE-2021-32457: Trend Micro Home Network Security version 6↗2021-05-26

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Multiple vulnerabilities in Trend Micro Home Network Security Station↗2021-05-24

▶

Talos

Vulnerability Spotlight: Multiple vulnerabilities in Trend Micro Home Network Security Station↗2021-05-24

▶