Uncontrolled Search Patch Element Vulnerability in Trend Micro HouseCall for Home Networks
CVE-2022-28339

7.3HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Housecall For Home Networks
Vendor: CVE Published:; 22 February 2025

Summary

Trend Micro HouseCall for Home Networks versions 5.3.1302 and earlier are susceptible to an uncontrolled search patch element vulnerability. This flaw may allow an attacker with low user privileges to craft a malicious DLL, potentially resulting in escalated privileges. This situation poses a significant security risk as it could enable attackers to execute unauthorized actions within the system.

Affected Version(s)

Trend Micro HouseCall for Home Networks 5.3 < 5.3.1308

References

https://helpcenter.trendmicro.com/en-us/article/tmka-21734

https://www.zerodayinitiative.com/advisories/ZDI-22-620/

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 22, 2025
Vulnerability Reserved
Apr 1, 2022