Security Bulletin: Trend Micro Home Network Security File-Parsing Denial-of-Service Vulnerabilities

LAST UPDATED: APR 22, 2021

Bulletin Date: April 22, 2021

CVE Vulnerability Identifiers: CVE-2021-31517, CVE-2021-31518

Platform: Consumer Hardware Device

CVSSv3 Score: 7.4: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

Severity Rating: High

Summary

Trend Micro has released a firmware update for the Trend Micro Home Network Security consumer devices which resolves file-parsing denial-of-service vulnerabilities.

Affected versions

PRODUCT	AFFECTED VERSION	PLATFORM	LANGUAGE(S)
Home Network Security	6.5.599 and earlier	Consumer Device	English, Japanese, Traditional Chinese

Solution

PRODUCT	UPDATED VERSION	PLATFORM	LANGUAGE(S)
Home Network Security	6.6.604	Consumer Device	English, Japanese, Traditional Chinese

Trend Micro has released an update via the product’s automatic firmware update mechanism to resolve this issue. Your Trend Micro Home Network Security device should receive the update automatically as long as your computer is connected to the Internet.

Vulnerability Details

Trend Micro Home Network Security is vulnerable to two file-parsing vulnerabilities which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device.

Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.

Acknowledgement

Trend Micro would like to thank the following individuals for responsibly disclosing the issue and working with Trend Micro to help protect our customers:

• Carl Hurd and Kelly Leuschner of Cisco Talos

Additional Assistance

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.

Reference

• TALOS-2021-1239
• TALOS-2021-1240