Stack-Based Buffer Overflow Vulnerability in Trend Micro Home Network Security
CVE-2021-32457

7.8HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Home Network Security
Vendor: CVE Published:; 26 May 2021

Summary

Trend Micro Home Network Security versions 6.6.604 and earlier are susceptible to a stack-based buffer overflow vulnerability related to the iotcl interface. This weakness allows an attacker to send a specially crafted iotcl request that could escalate privileges on the affected devices. To successfully exploit this vulnerability, an attacker must first gain the ability to execute low-privileged code on the target device. This exploit can potentially lead to unauthorized access and control over network security settings.

Affected Version(s)

Trend Micro Home Network Security 6.6.604 and below

References

https://helpcenter.trendmicro.com/en-us/article/TMKA-10337

x_refsource_MISC

https://talosintelligence.com/vulnerability_reports/TALOS...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 26, 2021
Vulnerability Reserved
May 7, 2021