CVE-2021-31521
https://notcve.org/view.php?id=CVE-2021-31521
Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal. Trend Micro InterScan Web Security Virtual Appliance versión 6.5 se ha detectado que presenta una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en el producto de Captive Portal • https://success.trendmicro.com/solution/000286452 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-32459
https://notcve.org/view.php?id=CVE-2021-32459
Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the ability to execute high-privileged code on the target device in order to exploit this vulnerability. La versión 6.6.604 y anteriores de Trend Micro Home Network Security contienen una vulnerabilidad de contraseña codificada en el servidor de recopilación de registros que podría permitir a un atacante utilizar una solicitud de red especialmente diseñada para llevar a una autenticación arbitraria. Un atacante debe obtener primero la capacidad de ejecutar código con privilegios elevados en el dispositivo de destino para poder explotar esta vulnerabilidad • https://helpcenter.trendmicro.com/en-us/article/TMKA-10337 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1241 • CWE-798: Use of Hard-coded Credentials •
CVE-2021-32458
https://notcve.org/view.php?id=CVE-2021-32458
Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability. La versión 6.6.604 y anteriores de Trend Micro Home Network Security son vulnerables a una vulnerabilidad de desbordamiento del búfer basada en la pila de iotcl que podría permitir a un atacante emitir un iotcl especialmente diseñado que podría conducir a la ejecución de código en los dispositivos afectados. Un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el dispositivo de destino para poder explotar esta vulnerabilidad • https://helpcenter.trendmicro.com/en-us/article/TMKA-10337 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1231 • CWE-787: Out-of-bounds Write •
CVE-2021-32457
https://notcve.org/view.php?id=CVE-2021-32457
Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to escalate privileges on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability. La versión 6.6.604 y anteriores de Trend Micro Home Network Security son vulnerables a una vulnerabilidad de desbordamiento del búfer basada en la pila de iotcl que podría permitir a un atacante emitir un iotcl especialmente diseñado para escalar privilegios en los dispositivos afectados. Un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el dispositivo de destino para poder explotar esta vulnerabilidad • https://helpcenter.trendmicro.com/en-us/article/TMKA-10337 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1230 • CWE-787: Out-of-bounds Write •
CVE-2021-32460 – Trend Micro Maximum Security Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-32460
The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability. El producto de consumo Trend Micro Maximum Security 2021 (versión v17) es suceptible a una vulnerabilidad de control de acceso inapropiado en el instalador que podría permitir a un atacante local escalar privilegios en un equipo objetivo. Tenga en cuenta que un atacante debe tener ya privilegios de usuario local y acceso en la máquina para explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Maximum Security console. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10336 https://www.zerodayinitiative.com/advisories/ZDI-21-603 • CWE-732: Incorrect Permission Assignment for Critical Resource •