CVE-2021-31519: 
Trend Micro HouseCall for Home Networks vulnerability analysis and mitigation

A privilege escalation vulnerability (CVE-2021-31519) was discovered in Trend Micro HouseCall for Home Networks version 5.3.1179 and below. The vulnerability was disclosed on April 23, 2021, and received a CVSS score of 7.3 (High severity). The issue affects the product installer and stems from incorrect permissions set on product folders (ZDI Advisory, Trend Micro Advisory).

The vulnerability exists within the product installer where incorrect permissions are set on product folders created during installation. This security flaw allows an attacker with low-privileged code execution capabilities to escalate privileges and execute arbitrary code in the context of an administrator. The vulnerability has been assigned a CVSS v3.0 base score of 7.3 with the following vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory).

If successfully exploited, this vulnerability allows an attacker to escalate privileges to administrator level and execute arbitrary code with elevated permissions. The attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability (Trend Micro Advisory).

Trend Micro has released version 5.3.1206 of HouseCall for Home Networks to address this vulnerability. Users are advised to upgrade to the latest version which can be downloaded from the Trend Micro website. No alternative workarounds have been provided (Trend Micro Advisory).