Home Network Security Station flaws exposed by Cisco Talos researchers
Trend Micro technology designed to protect home networks from attack was itself beset by multiple security flaws.
The three vulnerabilities in Trend Micro’s Home Network Security Station, all discovered by security researchers Carl Hurd and Kelly Leuschner of Cisco Talos, were resolved by a recently released update.
Resolution of the flaws cleared the way for Cisco Talos to publish details of their findings.
Two of the flaws – CVE-2021-32457 and CVE-2021-32458 – are elevation of privilege vulnerabilities that could allow an attacker to obtain elevated permissions on a hacked device. Both stem from shortcomings in input validation, a common class of web security bug.
Another vulnerability, CVE-2021-32459, involves hardcoded credentials that set the stage for all sorts of mischief, including the creation of files, changing permissions on files, and uploading arbitrary data to an SFTP (Secure File Transfer Protocol) server, as explained in a security alert by Cisco Talos.
Users are urged to update to Home Network Security version 6.1.567, in order to safeguard devices against potential pwnage by any of the trio of flaws.
The Daily Swig invited Trend Micro to comment on these vulnerabilities and their resolution. No word back as yet but we’ll update this story as and when more information comes to hand.