Details of VAR-202105-1386

ID

VAR-202105-1386

CVE

CVE-2021-32459

TITLE

Trend Micro Home Network Security Vulnerability in Using Hard Coded Credentials

Trust: 0.8

sources: JVNDB: JVNDB-2021-007442

DESCRIPTION

Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the ability to execute high-privileged code on the target device in order to exploit this vulnerability. Used to scan all incoming and outgoing home network traffic to prevent intrusions, prevent hacker attacks and network threats, and protect privacy. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.7

sources: NVD: CVE-2021-32459 // JVNDB: JVNDB-2021-007442 // CNVD: CNVD-2021-44770 // CNNVD: CNNVD-202104-975

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-44770

AFFECTED PRODUCTS

vendor:	trendmicro	model:	home network security	scope:	lte	version:	6.6.604	Trust: 1.0
vendor:	トレンドマイクロ	model:	trend micro home network security	scope:	lte	version:	6.6.604 and earlier	Trust: 0.8
vendor:	トレンドマイクロ	model:	trend micro home network security	scope:	eq	version:	-	Trust: 0.8
vendor:	trend micro	model:	home network security zh	scope:	lte	version:	<=6.6.604	Trust: 0.6
vendor:	trend micro	model:	home network security ja	scope:	lte	version:	<=6.6.604	Trust: 0.6
vendor:	trend micro	model:	home network security en	scope:	lte	version:	<=6.6.604	Trust: 0.6

sources: CNVD: CNVD-2021-44770 // JVNDB: JVNDB-2021-007442 // NVD: CVE-2021-32459

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-32459
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-32459
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-44770
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-1509
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-32459
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-44770
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-32459
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-32459
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-44770 // JVNDB: JVNDB-2021-007442 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1509 // NVD: CVE-2021-32459

PROBLEMTYPE DATA

problemtype:	CWE-798	Trust: 1.0
problemtype:	Using hardcoded credentials (CWE-798) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-007442 // NVD: CVE-2021-32459

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1509

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Security Bulletin	url:	https://helpcenter.trendmicro.com/en-us/article/TMKA-10337	Trust: 0.8
title:	Patch for Trend Micro Home Network Security has unspecified vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/274896	Trust: 0.6
title:	Trend Micro Home Network Security Repair measures for trust management problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153051	Trust: 0.6

sources: CNVD: CNVD-2021-44770 // JVNDB: JVNDB-2021-007442 // CNNVD: CNNVD-202105-1509

EXTERNAL IDS

db:	NVD	id:	CVE-2021-32459	Trust: 3.8
db:	TALOS	id:	TALOS-2021-1241	Trust: 1.6
db:	JVN	id:	JVNVU92417259	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-007442	Trust: 0.8
db:	CNVD	id:	CNVD-2021-44770	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021052509	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-1509	Trust: 0.6

sources: CNVD: CNVD-2021-44770 // JVNDB: JVNDB-2021-007442 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1509 // NVD: CVE-2021-32459

REFERENCES

url:	https://talosintelligence.com/vulnerability_reports/talos-2021-1241	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32459	Trust: 2.0
url:	https://helpcenter.trendmicro.com/en-us/article/tmka-10337	Trust: 1.6
url:	https://jvn.jp/vu/jvnvu92417259/	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052509	Trust: 0.6

sources: CNVD: CNVD-2021-44770 // JVNDB: JVNDB-2021-007442 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1509 // NVD: CVE-2021-32459

SOURCES

db:	CNVD	id:	CNVD-2021-44770
db:	JVNDB	id:	JVNDB-2021-007442
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-1509
db:	NVD	id:	CVE-2021-32459

LAST UPDATE DATE

2024-08-14T12:06:47.926000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-44770	date:	2021-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-007442	date:	2022-02-10T08:59:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-1509	date:	2021-06-09T00:00:00
db:	NVD	id:	CVE-2021-32459	date:	2021-06-07T17:26:18.800

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-44770	date:	2021-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-007442	date:	2022-02-10T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-1509	date:	2021-05-24T00:00:00
db:	NVD	id:	CVE-2021-32459	date:	2021-05-27T11:15:07.347