Views:

Bulletin Date: April 22, 2021

CVE Vulnerability Identifiers: CVE-2021-31517, CVE-2021-31518

Platform: Consumer Hardware Device

CVSSv3 Score: 7.4: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

Severity Rating: High


Summary

Trend Micro has released a firmware update for the Trend Micro Home Network Security consumer devices which resolves file-parsing denial-of-service vulnerabilities.

Affected versions

PRODUCT AFFECTED VERSION PLATFORM LANGUAGE(S)
Home Network Security 6.5.599 and earlier Consumer Device English, Japanese, Traditional Chinese

Solution

PRODUCT UPDATED VERSION PLATFORM LANGUAGE(S)
Home Network Security 6.6.604 Consumer Device English, Japanese, Traditional Chinese


Trend Micro has released an update via the product’s automatic firmware update mechanism to resolve this issue. Your Trend Micro Home Network Security device should receive the update automatically as long as your computer is connected to the Internet.

Vulnerability Details

Trend Micro Home Network Security is vulnerable to two file-parsing vulnerabilities which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device.

Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.

Acknowledgement

Trend Micro would like to thank the following individuals for responsibly disclosing the issue and working with Trend Micro to help protect our customers:

  • Carl Hurd and Kelly Leuschner of Cisco Talos

Additional Assistance

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.

Reference

  • TALOS-2021-1239
  • TALOS-2021-1240
Add a comment