SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Vulnerabilities in Trend Micro Home Network Security Station could lead to device takeover
Description: Trend Micro recently patched multiple security vulnerabilities in its Home Network Security systems. Attackers could exploit the vulnerabilities to cause a denial of service on connected devices, privilege escalation and code execution. The Home Network Security Station is an all-in-one device that protects users’ home networks by scanning for vulnerabilities on connected devices and serves as an intrusion prevention system. An attacker could manipulate the device in a way, using these vulnerabilities, that could allow them to execute remote code on the device or takeover PCs that are connected to the targeted home network.
Snort SIDs: 51719 - 57122
Title: Multiple vulnerabilities in Accusoft ImageGear
Description: Cisco Talos researchers recently discovered multiple vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert various images. It supports more than 100 file formats such as DICOM, PDF, Microsoft Office. These vulnerabilities Talos discovered could allow an attacker to carry out various malicious actions, including corrupting memory on the victim machine and gaining the ability to execute remote code. CVE-2021-21793, CVE-2021-21794 and CVE-2021-21824 are all out-of-bounds write vulnerabilities that exist in various functions of the software. An attacker could trigger these vulnerabilities by tricking a user into opening a specially crafted, malicious file.
Snort SIDs: 54411 - 54414, 57249 - 57252, 57270 - 57273, 57301, 57302, 57378, 57379