Privilege Escalation Vulnerability in Trend Micro HouseCall for Home Networks
CVE-2021-32466

7HIGH

Key Information:

Vendor

Trend Micro
Status
Trend Micro Housecall For Home Networks
Vendor
CVE Published:
29 September 2021

What is CVE-2021-32466?

An uncontrolled search path element vulnerability in Trend Micro HouseCall for Home Networks allows attackers to escalate privileges. By placing a specially crafted file in a designated directory, a malicious library can be loaded, enabling unauthorized access or control. Attackers must have a foothold to execute low-privileged code on the system in order to exploit this vulnerability. Users of versions 5.3.1225 and earlier should apply patches to mitigate this risk.

Affected Version(s)

Trend Micro HouseCall for Home Networks 5.3.1225 and below

References

https://helpcenter.trendmicro.com/en-us/article/tmka-10626
x_refsource_MISC
https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10621
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-1112/
x_refsource_MISC

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.