CVE-2021-31519

Published: May 12, 2021Modified: Nov 21, 2024

7.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.3 / Impact: 5.9

Source: NVD

Description

An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

Affected (1)

Products: Trendmicro: Housecall For Home Networks

1 product

Housecall For Home Networks

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Trendmicro Housecall For Home Networks	Up to 5.3.1179

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

https://helpcenter.trendmicro.com/en-us/article/TMKA-10310

Source: security@trendmicro.com

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-475/

Source: security@trendmicro.com

Third Party AdvisoryVDB Entry

https://helpcenter.trendmicro.com/en-us/article/TMKA-10310

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-475/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.