Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-28649

An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

Published

2021-05-12T15:15:07.640

Last Modified

2024-11-21T06:00:01.367

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.4

Impact Score

6.4

Weaknesses

Type: Primary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	trendmicro	housecall_for_home_networks	≤ 5.3.1179	Yes
Operating System	microsoft	windows	-	No

References

https://helpcenter.trendmicro.com/en-us/article/TMKA-10310 Vendor Advisory ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-21-474/ Third Party Advisory, VDB Entry ([email protected])
https://helpcenter.trendmicro.com/en-us/article/TMKA-10310 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-21-474/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)