Bulletin Date: April 22, 2021
CVE Vulnerability Identifiers: CVE-2021-31517, CVE-2021-31518
Platform: Consumer Hardware Device
CVSSv3 Score: 7.4: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
Severity Rating: High
Summary
Trend Micro has released a firmware update for the Trend Micro Home Network Security consumer devices which resolves file-parsing denial-of-service vulnerabilities.
Affected versions
| PRODUCT | AFFECTED VERSION | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Home Network Security | 6.5.599 and earlier | Consumer Device | English, Japanese, Traditional Chinese |
Solution
| PRODUCT | UPDATED VERSION | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Home Network Security | 6.6.604 | Consumer Device | English, Japanese, Traditional Chinese |
Trend Micro has released an update via the product’s automatic firmware update mechanism to resolve this issue. Your Trend Micro Home Network Security device should receive the update automatically as long as your computer is connected to the Internet.
Vulnerability Details
Trend Micro Home Network Security is vulnerable to two file-parsing vulnerabilities which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device.
Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.
Acknowledgement
Trend Micro would like to thank the following individuals for responsibly disclosing the issue and working with Trend Micro to help protect our customers:
- Carl Hurd and Kelly Leuschner of Cisco Talos
Additional Assistance
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.
Reference
- TALOS-2021-1239
- TALOS-2021-1240