CVE-2021-32459

Published: May 27, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.2 / Impact: 5.2

Source: NVD

Description

Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the ability to execute high-privileged code on the target device in order to exploit this vulnerability.

Affected (3)

Products: Trendmicro: Home Network Security

1 product

Home Network Security

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Home Network Security	Up to 6.6.604
Trendmicro Home Network Security	Up to 6.6.604
Trendmicro Home Network Security	Up to 6.6.604

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

https://helpcenter.trendmicro.com/en-us/article/TMKA-10337

Source: security@trendmicro.com

Vendor Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1241

Source: security@trendmicro.com

Third Party Advisory

https://helpcenter.trendmicro.com/en-us/article/TMKA-10337

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1241

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.