Researchers have discovered bugs in Trend Micro's Home Network Security Station that could let threat actors mount denial of service (DoS) attacks, escalate privileges, and execute code.
According to researchers at Cisco Talos, three security vulnerabilities in the product are labeled CVE-2021-32457, CVE-2021-32458, and CVE-2021-32459.
Trend Micro's Home Network Security Station is a device that plugs into a home router to prevent internet-connected devices from being hacked. Unfortunately, the bugs mean that the device itself can be hacked.
The first two flaws, CVE-2021-32457, CVE-2021-32458, lead to privilege escalation. The former bug exists in the tdts.ko chrdev_ioctl_handle functionality of the product. A specially crafted ioctl can lead to increased privileges. An attacker can issue an ioctl to trigger this vulnerability, causing a kernel panic leading to DoS and leveraging privilege escalation.
The latter flaw is caused by the lack of input validation on a user's ioctl request. The stack-based buffer is smaller than the maximum ioctl request copy size of 0x3FFF and thus overflows. A user can carefully craft input to gain control over a PC due to this copy.
The CVE-2021-32459 flaw is a hard-coded password vulnerability in the SFTP Log Collection Server function of Trend Micro Inc.'s Home Network Security 6.1.567. A specially crafted network request can lead to arbitrary authentication. An attacker can send an unauthenticated message to trigger this vulnerability.
From there, a hacker could create files, change permissions on files and upload arbitrary data to an SFTP server.
RELATED RESOURCE
The secure cloud configuration imperative
The central role of cloud security posture management
"The log server is utilized to dump all information that the device collects back to Trend Micro's infrastructure and can include identifiable information of the networks that the data originated from. The username and password are hard-coded in the core binary of the HNS device as diamond:bahV6AtJqZt4K. On the SFTP server, these credentials can be used to create files, change permissions on files and upload arbitrary data to the server. This could result in the loss of the logs if files are overwritten, or data exfiltration could occur if it is possible to download data," the advisory warned.
Cisco Talos said it worked with Trend Micro to address these security issues. Trend Micro has released an update for affected customers. The researchers didn't observe active attacks on these flaws.
-
Veracode bolsters leadership team for next growth chapterNews The application security vendor has named Anthony Barkley as chief strategy officer and Diana Bushard as general counsel
-
UK government hails AI coding gains as developers report huge time savingsNews Developers participating in a trial of AI coding tools from Google, Microsoft, and GitHub reported big time savings, with 58% saying they now couldn't work without them.
-
Flaw in Lenovo’s customer service AI chatbot could let hackers run malicious code, breach networksNews Hackers abusing the Lenovo flaw could inject malicious code with just a single prompt
-
Industry welcomes the NCSC’s new Vulnerability Research Initiative – but does it go far enough?News The cybersecurity agency will work with external researchers to uncover potential security holes in hardware and software
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
-
Everything you need to know about the Microsoft Power Pages vulnerabilityNews A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
A critical Ivanti flaw is being exploited in the wild – here’s what you need to knowNews Cyber criminals are actively exploiting a critical RCE flaw affecting Ivanti Connect Secure appliances
