CVE-2021-32459

CWE-798 — Hard-coded Credentials4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 32.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Home Network Security Trend Micro Trend Micro Home Network Security

Timeline

PublishedMay 27

Latest updateMay 24

Description

Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the ability to execute high-privileged code on the target device in order to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

▶NVDtrendmicro/home_network_security6.6.604

▶CVEListV5trend_micro/trend_micro_home_network_security6.6.604 and below

🔴Vulnerability Details

GHSA

GHSA-697p-5m9w-jhmw: A hard-coded password vulnerability exists in the SFTP Log Collection Server function of Trend Micro Inc↗2022-05-24

▶

CVEList

CVE-2021-32459: Trend Micro Home Network Security version 6↗2021-05-27

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Multiple vulnerabilities in Trend Micro Home Network Security Station↗2021-05-24

▶