Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for housecall_for_home_networks by trendmicro

    CVE-2022-28339 (GCVE-0-2022-28339)

    Vulnerability from nvd – Published: 2025-02-22 20:51 – Updated: 2025-02-24 12:25
    VLAI
    Summary
    Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled search patch element vulnerability that could allow an attacker with low user privileges to create a malicious DLL that could lead to escalated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-28339",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-24T12:23:39.672326Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-427",
                    "description": "CWE-427 Uncontrolled Search Path Element",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-24T12:25:17.568Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro HouseCall for Home Networks",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "5.3.1308",
                  "status": "affected",
                  "version": "5.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled search patch element vulnerability that could allow an attacker with low user privileges to create a malicious DLL that could lead to escalated privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-22T20:51:10.611Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-21734"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-620/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-28339",
        "datePublished": "2025-02-22T20:51:10.611Z",
        "dateReserved": "2022-04-01T18:07:44.461Z",
        "dateUpdated": "2025-02-24T12:25:17.568Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32466 (GCVE-0-2021-32466)

    Vulnerability from nvd – Published: 2021-09-29 10:21 – Updated: 2024-08-03 23:17
    VLAI
    Summary
    An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:29.531Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-10626"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10621"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1112/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro HouseCall for Home Networks",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.3.1225 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-29T10:21:29.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-10626"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10621"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1112/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-32466",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro HouseCall for Home Networks",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.3.1225 and below"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427: Uncontrolled Search Path Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpcenter.trendmicro.com/en-us/article/tmka-10626",
                  "refsource": "MISC",
                  "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-10626"
                },
                {
                  "name": "https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10621",
                  "refsource": "MISC",
                  "url": "https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10621"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1112/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1112/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-32466",
        "datePublished": "2021-09-29T10:21:29.000Z",
        "dateReserved": "2021-05-07T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:17:29.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-31519 (GCVE-0-2021-31519)

    Vulnerability from nvd – Published: 2021-05-12 14:57 – Updated: 2024-08-03 23:03
    VLAI
    Summary
    An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Incorrect Permission Assignment
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:03:33.185Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-475/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro HouseCall for Home Networks",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.3.1179 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Permission Assignment",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-12T14:57:42.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-475/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-31519",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro HouseCall for Home Networks",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.3.1179 and below"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Permission Assignment"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310",
                  "refsource": "MISC",
                  "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-475/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-475/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-31519",
        "datePublished": "2021-05-12T14:57:42.000Z",
        "dateReserved": "2021-04-20T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:03:33.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28649 (GCVE-0-2021-28649)

    Vulnerability from nvd – Published: 2021-05-12 14:57 – Updated: 2024-08-03 21:47
    VLAI
    Summary
    An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Incorrect Permission Assignment
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:47:33.045Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-474/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro HouseCall for Home Networks",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.3.1179 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Permission Assignment",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-12T14:57:41.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-474/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-28649",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro HouseCall for Home Networks",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.3.1179 and below"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Permission Assignment"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310",
                  "refsource": "MISC",
                  "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-474/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-474/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-28649",
        "datePublished": "2021-05-12T14:57:41.000Z",
        "dateReserved": "2021-03-16T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:47:33.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25247 (GCVE-0-2021-25247)

    Vulnerability from nvd – Published: 2021-01-27 19:10 – Updated: 2024-08-03 19:56
    VLAI
    Summary
    A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • DLL Hijacking
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:56:11.059Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10180"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro HouseCall for Home Networks",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.3.1063 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DLL Hijacking",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-27T19:10:26.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10180"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-25247",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro HouseCall for Home Networks",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.3.1063 and below"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DLL Hijacking"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10180",
                  "refsource": "MISC",
                  "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10180"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-25247",
        "datePublished": "2021-01-27T19:10:26.000Z",
        "dateReserved": "2021-01-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:56:11.059Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19689 (GCVE-0-2019-19689)

    Vulnerability from nvd – Published: 2019-12-18 18:30 – Updated: 2024-08-05 02:25
    VLAI
    Summary
    Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses.
    Severity
    No CVSS data available.
    CWE
    • DLL Hijack
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:25:12.207Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-21674"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro HouseCall for Home Networks",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "Below 5.3.0.1063"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DLL Hijack",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-07T16:00:18.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-21674"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2019-19689",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro HouseCall for Home Networks",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Below 5.3.0.1063"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DLL Hijack"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-21674",
                  "refsource": "CONFIRM",
                  "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-21674"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2019-19689",
        "datePublished": "2019-12-18T18:30:16.000Z",
        "dateReserved": "2019-12-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:25:12.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19688 (GCVE-0-2019-19688)

    Vulnerability from nvd – Published: 2019-12-18 18:30 – Updated: 2024-08-05 02:25
    VLAI
    Summary
    A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:25:12.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-21674"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro HouseCall for Home Networks",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "Below 5.3.0.1063"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-07T16:01:26.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-21674"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2019-19688",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro HouseCall for Home Networks",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Below 5.3.0.1063"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-21674",
                  "refsource": "CONFIRM",
                  "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-21674"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2019-19688",
        "datePublished": "2019-12-18T18:30:15.000Z",
        "dateReserved": "2019-12-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:25:12.367Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-28339 (GCVE-0-2022-28339)

    Vulnerability from cvelistv5 – Published: 2025-02-22 20:51 – Updated: 2025-02-24 12:25
    VLAI
    Summary
    Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled search patch element vulnerability that could allow an attacker with low user privileges to create a malicious DLL that could lead to escalated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-28339",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-24T12:23:39.672326Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-427",
                    "description": "CWE-427 Uncontrolled Search Path Element",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-24T12:25:17.568Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro HouseCall for Home Networks",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "5.3.1308",
                  "status": "affected",
                  "version": "5.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled search patch element vulnerability that could allow an attacker with low user privileges to create a malicious DLL that could lead to escalated privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-22T20:51:10.611Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-21734"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-620/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-28339",
        "datePublished": "2025-02-22T20:51:10.611Z",
        "dateReserved": "2022-04-01T18:07:44.461Z",
        "dateUpdated": "2025-02-24T12:25:17.568Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32466 (GCVE-0-2021-32466)

    Vulnerability from cvelistv5 – Published: 2021-09-29 10:21 – Updated: 2024-08-03 23:17
    VLAI
    Summary
    An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:29.531Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-10626"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10621"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1112/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro HouseCall for Home Networks",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.3.1225 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-29T10:21:29.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-10626"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10621"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1112/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-32466",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro HouseCall for Home Networks",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.3.1225 and below"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427: Uncontrolled Search Path Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpcenter.trendmicro.com/en-us/article/tmka-10626",
                  "refsource": "MISC",
                  "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-10626"
                },
                {
                  "name": "https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10621",
                  "refsource": "MISC",
                  "url": "https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10621"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1112/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1112/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-32466",
        "datePublished": "2021-09-29T10:21:29.000Z",
        "dateReserved": "2021-05-07T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:17:29.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-31519 (GCVE-0-2021-31519)

    Vulnerability from cvelistv5 – Published: 2021-05-12 14:57 – Updated: 2024-08-03 23:03
    VLAI
    Summary
    An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Incorrect Permission Assignment
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:03:33.185Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-475/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro HouseCall for Home Networks",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.3.1179 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Permission Assignment",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-12T14:57:42.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-475/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-31519",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro HouseCall for Home Networks",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.3.1179 and below"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Permission Assignment"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310",
                  "refsource": "MISC",
                  "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-475/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-475/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-31519",
        "datePublished": "2021-05-12T14:57:42.000Z",
        "dateReserved": "2021-04-20T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:03:33.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28649 (GCVE-0-2021-28649)

    Vulnerability from cvelistv5 – Published: 2021-05-12 14:57 – Updated: 2024-08-03 21:47
    VLAI
    Summary
    An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Incorrect Permission Assignment
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:47:33.045Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-474/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro HouseCall for Home Networks",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.3.1179 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Permission Assignment",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-12T14:57:41.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-474/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-28649",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro HouseCall for Home Networks",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.3.1179 and below"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Permission Assignment"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310",
                  "refsource": "MISC",
                  "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-474/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-474/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-28649",
        "datePublished": "2021-05-12T14:57:41.000Z",
        "dateReserved": "2021-03-16T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:47:33.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25247 (GCVE-0-2021-25247)

    Vulnerability from cvelistv5 – Published: 2021-01-27 19:10 – Updated: 2024-08-03 19:56
    VLAI
    Summary
    A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • DLL Hijacking
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:56:11.059Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10180"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro HouseCall for Home Networks",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.3.1063 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DLL Hijacking",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-27T19:10:26.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10180"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-25247",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro HouseCall for Home Networks",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.3.1063 and below"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DLL Hijacking"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10180",
                  "refsource": "MISC",
                  "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10180"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-25247",
        "datePublished": "2021-01-27T19:10:26.000Z",
        "dateReserved": "2021-01-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:56:11.059Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19689 (GCVE-0-2019-19689)

    Vulnerability from cvelistv5 – Published: 2019-12-18 18:30 – Updated: 2024-08-05 02:25
    VLAI
    Summary
    Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses.
    Severity
    No CVSS data available.
    CWE
    • DLL Hijack
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:25:12.207Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-21674"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro HouseCall for Home Networks",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "Below 5.3.0.1063"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DLL Hijack",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-07T16:00:18.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-21674"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2019-19689",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro HouseCall for Home Networks",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Below 5.3.0.1063"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DLL Hijack"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-21674",
                  "refsource": "CONFIRM",
                  "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-21674"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2019-19689",
        "datePublished": "2019-12-18T18:30:16.000Z",
        "dateReserved": "2019-12-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:25:12.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19688 (GCVE-0-2019-19688)

    Vulnerability from cvelistv5 – Published: 2019-12-18 18:30 – Updated: 2024-08-05 02:25
    VLAI
    Summary
    A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:25:12.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-21674"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro HouseCall for Home Networks",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "Below 5.3.0.1063"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-07T16:01:26.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-21674"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2019-19688",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro HouseCall for Home Networks",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Below 5.3.0.1063"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-21674",
                  "refsource": "CONFIRM",
                  "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-21674"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2019-19688",
        "datePublished": "2019-12-18T18:30:15.000Z",
        "dateReserved": "2019-12-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:25:12.367Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }