Vulnerability Description
Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the ability to execute high-privileged code on the target device in order to exploit this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Home Network Security | <= 6.6.604 |
Related Weaknesses (CWE)
References
- https://helpcenter.trendmicro.com/en-us/article/TMKA-10337Vendor Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1241Third Party Advisory
- https://helpcenter.trendmicro.com/en-us/article/TMKA-10337Vendor Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1241Third Party Advisory
FAQ
What is CVE-2021-32459?
CVE-2021-32459 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network...
How severe is CVE-2021-32459?
CVE-2021-32459 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32459?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Home Network Security.