

Rewterz Threat Advisory – CVE-2021-26291 – Apache Maven security bypass
April 26, 2021
Rewterz Threat Advisory – CVE-2021-29469 – Node Redis redis module for Node.js denial of service
April 26, 2021
Rewterz Threat Advisory – CVE-2021-26291 – Apache Maven security bypass
April 26, 2021
Rewterz Threat Advisory – CVE-2021-29469 – Node Redis redis module for Node.js denial of service
April 26, 2021Severity
High
Analysis Summary
CVE-2021-31519
Trend Micro HouseCall for Home Networks allows a local, authenticated attacker to gain escalated privileges on the system. This vulnerability is caused by improper permissions set on product folders that are created by the installer. An authenticated attacker can exploit this vulnerability by sending specially crafted requests to victims to gain elevated privileges.
CVE-2021-28649
Trend Micro HouseCall for Home Networks is an incorrect permission vulnerability that allows a local authenticated attacker to gain escalated privileges on the system. By placing an arbitrary code on a specified folder and having that code be exploited by an administrator, an authenticated attacker can exploit this vulnerability.
Impact
Privilege Escalation
Affected Vendors
TrendMicro
Affected Products
HouseCall for Home Networks 5.3.1179 and below
Remediation
Download the latest patch available at https://www.trendmicro.com/en_us/forHome/products/housecall/home-networks.html