CVE-2021-33315

The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.trendnet.com/support/view.asp?cat=4&id=81	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:trendnet:ti-pg1284i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:ti-pg1284i:2.0r:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:trendnet:ti-g102i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:ti-g102i:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:trendnet:ti-g160i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:ti-g160i:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:trendnet:ti-g642i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:ti-g642i:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:trendnet:ti-pg102i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:ti-pg102i:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:trendnet:ti-pg541i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:ti-pg541i:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:trendnet:ti-rp262i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:ti-rp262i:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:trendnet:teg-30102ws_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:teg-30102ws:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:trendnet:tpe-30102ws_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tpe-30102ws:-:*:*:*:*:*:*:*

History

12 Jul 2022, 17:42

Type	Values Removed	Values Added
CWE	~~CWE-191~~	CWE-20

20 May 2022, 14:45

Type	Values Removed	Values Added
CWE		CWE-191
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.5 v3 : 9.8
CPE		cpe:2.3:h:trendnet:ti-pg541i:-:::::::* cpe:2.3:h:trendnet:teg-30102ws:-:::::::* cpe:2.3:o:trendnet:teg-30102ws_firmware:-:::::::* cpe:2.3:h:trendnet:ti-pg1284i:2.0r:::::::* cpe:2.3:o:trendnet:ti-g160i_firmware:-:::::::* cpe:2.3:h:trendnet:ti-g642i:-:::::::* cpe:2.3:o:trendnet:ti-pg102i_firmware:-:::::::* cpe:2.3:h:trendnet:tpe-30102ws:-:::::::* cpe:2.3:o:trendnet:ti-pg541i_firmware:-:::::::* cpe:2.3:o:trendnet:ti-g642i_firmware:-:::::::* cpe:2.3:h:trendnet:ti-g102i:-:::::::* cpe:2.3:h:trendnet:ti-rp262i:-:::::::* cpe:2.3:o:trendnet:ti-g102i_firmware:-:::::::* cpe:2.3:h:trendnet:ti-pg102i:-:::::::* cpe:2.3:o:trendnet:ti-rp262i_firmware:-:::::::* cpe:2.3:o:trendnet:tpe-30102ws_firmware:-:::::::* cpe:2.3:h:trendnet:ti-g160i:-:::::::* cpe:2.3:o:trendnet:ti-pg1284i_firmware::::::::
References	~~(MISC) https://www.trendnet.com/support/view.asp?cat=4&id=81 -~~	(MISC) https://www.trendnet.com/support/view.asp?cat=4&id=81 - Patch, Vendor Advisory

11 May 2022, 18:33

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-11 18:15

Updated : 2024-02-04 22:29

NVD link : CVE-2021-33315

Mitre link : CVE-2021-33315

CVE.ORG link : CVE-2021-33315

JSON object : View

Products Affected

trendnet

ti-g642i_firmware
tpe-30102ws
ti-g642i
ti-pg102i
ti-rp262i_firmware
ti-g102i_firmware
ti-g160i_firmware
ti-pg1284i
teg-30102ws_firmware
teg-30102ws
ti-pg541i
ti-pg1284i_firmware
tpe-30102ws_firmware
ti-rp262i
ti-pg541i_firmware
ti-g102i
ti-pg102i_firmware
ti-g160i

CWE

CWE-20

Improper Input Validation

9.8 /10