Trend Micro’s home network security flaws could allow hackers to take control of PCs

Researchers have discovered bugs in Trend Micro’s Home Network Security Station that could allow hackers to mount denial-of-service (DoS) attacks, elevate privileges, and execute code.

According to Cisco Talos researchers, the three security vulnerabilities in the product are tracked as CVE-2021-32457, CVE-2021-32458, and CVE-2021-32459.

Trend Micro’s Home Network Security Station is a device that plugs into a home router to prevent Internet-connected devices from being hacked. Unfortunately, bugs mean that the device itself can be hacked.

The first two flaws, CVE-2021-32457 and CVE-2021-32458, lead to an elevation of privileges. The first of these exists in the tdts.ko chrdev_ioctl_handle functionality of the product, where a specially crafted ioctl can lead to increased privileges. An attacker can issue an ioctl to trigger this vulnerability, causing a kernel panic that leads to a DoS, and can take advantage of it to elevate privileges.

The latter flaw is caused by the lack of input validation on a user’s ioctl request. The stack-based buffer is smaller than the maximum ioctl request copy size of 0x3FFF and therefore overflows. A user can craft the request so that this copy is used to take control of a PC.
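To make the overflow mechanism concrete, the following is an added, constructed userspace model of the pattern described above; it is not Trend Micro’s tdts.ko code, and the 256-byte stack buffer, the request layout and the copy stand-in are assumptions, since the page gives only the 0x3FFF maximum. The weak check bounds the copy by the protocol maximum alone, while the hardened handler also bounds it by the destination buffer.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IOCTL_MAX_COPY 0x3FFF /* maximum request copy size named in the advisory */
#define STACK_BUF_SIZE 256    /* assumed size of the handler's stack buffer */

/* Constructed request shape: a caller-supplied length and data pointer. */
struct ioctl_req {
    uint32_t len;
    const uint8_t *data;
};

/* Stand-in for copy_from_user(): returns 0 on success, -EFAULT on a bad pointer. */
static int copy_from_caller(void *dst, const uint8_t *src, size_t n) {
    if (src == NULL) return -EFAULT;
    memcpy(dst, src, n);
    return 0;
}

/* Weak validation (the vulnerable pattern): only the protocol maximum is
 * enforced, so any len between STACK_BUF_SIZE+1 and 0x3FFF passes and
 * would overrun a 256-byte stack buffer. Returns 1 if the length passes. */
int weak_len_check(uint32_t len) {
    return len <= IOCTL_MAX_COPY;
}

/* Strong validation: the copy is bounded by the destination buffer as well
 * as by the protocol maximum. Returns 1 if the length passes. */
int strong_len_check(uint32_t len, size_t dst_size) {
    return len <= IOCTL_MAX_COPY && len <= dst_size;
}

/* Hardened handler: validate against sizeof(buf) before any copy happens.
 * Returns the number of bytes copied, or a negative errno value. */
int handle_ioctl_checked(const struct ioctl_req *req) {
    uint8_t buf[STACK_BUF_SIZE];
    if (!strong_len_check(req->len, sizeof buf)) return -EINVAL;
    if (copy_from_caller(buf, req->data, req->len)) return -EFAULT;
    return (int)req->len;
}

/* Convenience wrapper to submit a request of a given length. */
int submit_request(uint32_t len, const uint8_t *data) {
    struct ioctl_req req = { len, data };
    return handle_ioctl_checked(&req);
}
```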

CVE-2021-32459 is a hard-coded password vulnerability in Trend Micro Inc.’s Home Network Security 6.1.567 SFTP Log Collection Server feature. A specially crafted network request may lead to arbitrary authentication. An attacker can send an unauthenticated message to trigger this vulnerability.

From there, a hacker could create files, change file permissions, and upload arbitrary data to an SFTP server.


“The logging server is used to dump all information the device collects into Trend Micro’s infrastructure and may include identifiable information about the networks where the data originated. Username and password are hardcoded in the main HNS device binary as diamond:bahV6AtJqZt4K. On the SFTP server, these credentials can be used to create files, change file permissions, and upload arbitrary data to the server. This may result in loss of logs if files are overwritten, or data exfiltration may occur if it is possible to download data,” the advisory warns.

Cisco Talos said it has worked with Trend Micro to resolve these security issues. Trend Micro has released an update for affected customers. The researchers did not observe any active attacks on these defects.


Kevin M. Risinger