IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Trend Micro home network security flaws could let hackers take over PCs

All-in-one home security device could allow code execution, DoS, and file permission changes

Researchers have discovered bugs in Trend Micro's Home Network Security Station that could let threat actors mount denial of service (DoS) attacks, escalate privileges, and execute code.

According to researchers at Cisco Talos, three security vulnerabilities in the product are labeled CVE-2021-32457,  CVE-2021-32458, and CVE-2021-32459.

Trend Micro's Home Network Security Station is a device that plugs into a home router to prevent internet-connected devices from being hacked. Unfortunately, the bugs mean that the device itself can be hacked.

The first two flaws, CVE-2021-32457CVE-2021-32458, lead to privilege escalation. The former bug exists in the tdts.ko chrdev_ioctl_handle functionality of the product. A specially crafted ioctl can lead to increased privileges. An attacker can issue an ioctl to trigger this vulnerability, causing a kernel panic leading to DoS and leveraging privilege escalation.

The latter flaw is caused by the lack of input validation on a user's ioctl request. The stack-based buffer is smaller than the maximum ioctl request copy size of 0x3FFF and thus overflows. A user can carefully craft input to gain control over a PC due to this copy.

The CVE-2021-32459 flaw is a hard-coded password vulnerability in the SFTP Log Collection Server function of Trend Micro Inc.'s Home Network Security 6.1.567. A specially crafted network request can lead to arbitrary authentication. An attacker can send an unauthenticated message to trigger this vulnerability.

From there, a hacker could create files, change permissions on files and upload arbitrary data to an SFTP server.

Related Resource

The secure cloud configuration imperative

The central role of cloud security posture management

The secure cloud configuration imperativeFree download

"The log server is utilized to dump all information that the device collects back to Trend Micro's infrastructure and can include identifiable information of the networks that the data originated from. The username and password are hard-coded in the core binary of the HNS device as diamond:bahV6AtJqZt4K. On the SFTP server, these credentials can be used to create files, change permissions on files and upload arbitrary data to the server. This could result in the loss of the logs if files are overwritten, or data exfiltration could occur if it is possible to download data," the advisory warned.

Cisco Talos said it worked with Trend Micro to address these security issues. Trend Micro has released an update for affected customers. The researchers didn't observe active attacks on these flaws.

Featured Resources

AI for customer service

IBM Watson Assistant solves customer problems the first time

View now

Solve cyber resilience challenges with storage solutions

Fundamental capabilities of cyber-resilient IT infrastructure

Free Download

IBM FlashSystem 5000 and 5200 for mid-market enterprises

Manage rapid data growth within limited IT budgets

Free download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Recommended

Revealed: The top 200 most common passwords of 2022
cyber security

Revealed: The top 200 most common passwords of 2022

17 Nov 2022
Major security exploits expected to rise before New Year
vulnerability

Major security exploits expected to rise before New Year

1 Nov 2022
Five common data security pitfalls
Whitepaper

Five common data security pitfalls

21 Oct 2022
Ransomware activity down 11% worldwide in Q3, but rise expected
ransomware

Ransomware activity down 11% worldwide in Q3, but rise expected

20 Oct 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022
Windows users now able to run Linux apps and distros natively
Microsoft Windows

Windows users now able to run Linux apps and distros natively

24 Nov 2022