CVE-2021-33316

{"id": "CVE-2021-33316", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-05-11T18:15:22.723", "references": [{"url": "https://www.trendnet.com/support/view.asp?cat=4&id=81", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access."}, {"lang": "es", "value": "El switch TRENDnet TI-PG1284i (hw versi\u00f3n v2.0R) versiones anteriores a 2.0.2.S0, sufre una vulnerabilidad de desbordamiento de enteros. Esta vulnerabilidad se presenta en su componente relacionado con lldp. Debido a una falta de comprobaci\u00f3n apropiada en el campo de longitud del TLV ChassisID, mediante el env\u00edo de un paquete lldp dise\u00f1ado al dispositivo, es producido un desbordamiento de enteros y el n\u00famero negativo se pasar\u00eda a memcpy() m\u00e1s tarde, lo que podr\u00eda causar un desbordamiento del b\u00fafer o un acceso no v\u00e1lido a la memoria"}], "lastModified": "2022-07-12T17:42:04.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:trendnet:ti-pg1284i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E00528D5-3C8F-4AD9-AA39-DB45DD5F11EE", "versionEndExcluding": "2.0.2.s0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:trendnet:ti-pg1284i:2.0r:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8CA516E3-DBB2-47F9-BBAB-101D89111085"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:trendnet:ti-g102i_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB15E6B1-FB33-4CC2-90AA-5F1C8A730060"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:trendnet:ti-g102i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AA4B9F79-2514-4460-B039-7814F0058426"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:trendnet:ti-g160i_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC8EABC3-67F8-4C86-BEF7-F1863A80DBBB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:trendnet:ti-g160i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A61362FA-0D38-4A24-B9B8-B0092CA1B6ED"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:trendnet:ti-g642i_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F06A138-BD87-4F6D-A90A-0ED3C2C51176"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:trendnet:ti-g642i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "44434E86-E69C-417E-84C4-64BCD8C03002"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:trendnet:ti-pg102i_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0541C592-59AA-450B-AD5A-A4993CCA1892"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:trendnet:ti-pg102i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7C90DA4A-E297-4ABB-BDAE-71F29BD7D610"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:trendnet:ti-pg541i_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0B92180-6071-4F1F-B481-0AECCCC62F25"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:trendnet:ti-pg541i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "59C28218-15BE-47E6-B9BD-79C8D0E89967"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:trendnet:ti-rp262i_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB731996-395D-4157-81F3-23ED0F2D9C65"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:trendnet:ti-rp262i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "16B102EC-44F0-4BCE-B3E2-B0558190B8AC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:trendnet:teg-30102ws_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "800EB91D-D8EE-4EC4-A477-A8E853C9A1CA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:trendnet:teg-30102ws:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DF0A9BE8-6F50-4332-97A4-A5328463DD06"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:trendnet:tpe-30102ws_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88281192-60D8-400F-A815-996481E69201"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:trendnet:tpe-30102ws:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A3A48184-1480-4F37-9055-F5AA4DA25F00"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}