Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-32459
HistoryMay 27, 2021 - 11:15 a.m.

CVE-2021-32459

2021-05-2711:15:07
CWE-798
[email protected]
web.nvd.nist.gov
2
trend micro
home network security
log collection server
hard-coded password
vulnerability
attacker
network request
arbitrary authentication
high-privileged code
exploit

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

28.4%

JSON

Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the ability to execute high-privileged code on the target device in order to exploit this vulnerability.

Affected configurations

Nvd
Node
trendmicrohome_network_securityRange6.6.604en
OR
trendmicrohome_network_securityRange6.6.604ja
OR
trendmicrohome_network_securityRange6.6.604zh
VendorProductVersionCPE
trendmicrohome_network_security*cpe:2.3:a:trendmicro:home_network_security:*:*:*:en:*:*:*:*
trendmicrohome_network_security*cpe:2.3:a:trendmicro:home_network_security:*:*:*:ja:*:*:*:*
trendmicrohome_network_security*cpe:2.3:a:trendmicro:home_network_security:*:*:*:zh:*:*:*:*

Related

prion 1
talos 1
cvelist 1
cve 1
threatpost 1
prion
prion
Hardcoded credentials
2021-05-27 11:15:00
talos
talos
Trend Micro Inc. Home Network Security SFTP log collection server hard-coded password vulnerability
2021-05-24 00:00:00
cvelist
cvelist
CVE-2021-32459
2021-05-27 10:42:55
cve
cve
CVE-2021-32459
2021-05-27 11:15:07
threatpost
threatpost
Trend Micro Bugs Threaten Home Network Security
2021-05-25 16:41:28

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

28.4%

JSON
Related for NVD:CVE-2021-32459
prion1talos1cvelist1cve1threatpost1