Security News > 2021 > May > Trend Micro Bugs Threaten Home Network Security

Three security vulnerabilities have been found in Trend Micro's Home Network Security systems, which can allow denial of service, privilege escalation, code execution and authentication bypass.

The Home Network Security Station is an all-in-one device that scans for vulnerabilities for connected devices, performs intrusion detection and allows consumers to control access settings for all devices on the network.

"The upper 16 bits from the ioctl request are blindly used as input to copy from user to a stack-based buffer in kernel space," it read. "The stack-based buffer is smaller than the maximum ioctl request copy size of 0x3FFF and thus overflows. A user can carefully craft input such that they could get control over PC within due to this copy."

Specifically, the bug exists in Trend Micro Home Network Security's log collection server feature, which could be exploited for arbitrary authentication by sending a specially designed network request.

"The log server is utilized to dump all information that the device collects back to Trend Micro's infrastructure, and can include identifiable information of the networks that the data originated from," according to the advisory.

Vulnerable Trend Micro Home Network Security Stations version 6.1.567 and below are vulnerable to the bugs; the security vendor has released patches to address all three issues.

News URL

https://threatpost.com/trend-micro-bugs-home-network-security/166453/