CVE-2022-28339: 
Trend Micro HouseCall for Home Networks vulnerability analysis and mitigation

Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled search patch element vulnerability that was disclosed on February 22, 2025. The vulnerability, tracked as CVE-2022-28339, affects the Windows platform and could allow an attacker with low user privileges to create a malicious DLL that could lead to escalated privileges (Trend Micro Advisory).

The specific flaw exists within the log4j scanner component of HouseCall for Home Networks. The process loads a file from an unsecured location, which creates the vulnerability. The issue has been assigned a CVSS v3.1 base score of 7.3 (HIGH) with the vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, indicating local access is required with low attack complexity and privileges required (ZDI Advisory).

A successful exploitation of this vulnerability could allow an attacker to escalate privileges and execute arbitrary code in the context of an administrator. This means an attacker could gain elevated access to system resources that would normally be protected from unauthorized users (ZDI Advisory).

Trend Micro has released version 5.3.1308 of HouseCall for Home Networks to resolve this vulnerability. No other mitigating factors have been identified, and customers are advised to ensure they always have the latest version of the program installed (Trend Micro Advisory).