CVE-2021-33315

moderate-risk
Published 2022-05-11

The TRENDnet TI-PG1284i switch (hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability in its LLDP-related component. Because the length field of the PortID TLV is not properly validated, a crafted LLDP packet sent to the device causes an integer underflow, and the resulting negative number is later passed to memcpy(), which may cause a buffer overflow or invalid memory access.
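The length check whose absence is described above, as an added example (not TRENDnet firmware code, which this page does not show). It assumes the standard IEEE 802.1AB Port ID TLV layout (7-bit type, 9-bit length, one subtype octet, then a 1 to 255 octet ID) and that the length is reduced by the subtype octet before the copy; `parse_port_id_tlv` and `struct port_id` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LLDP_TLV_PORT_ID 2
#define PORT_ID_MAX 255            /* port ID field is 1..255 octets */

struct port_id {                   /* hypothetical destination structure */
    uint8_t subtype;
    uint8_t id[PORT_ID_MAX];
    size_t  id_len;
};

/* Parse one Port ID TLV from buf[0..buf_len). Returns 0 on success, -1 if malformed. */
int parse_port_id_tlv(const uint8_t *buf, size_t buf_len, struct port_id *out)
{
    if (buf == NULL || out == NULL || buf_len < 2)
        return -1;

    /* TLV header: upper 7 bits are the type, lower 9 bits the value length. */
    uint16_t hdr = (uint16_t)((buf[0] << 8) | buf[1]);
    unsigned type = hdr >> 9;
    size_t tlv_len = hdr & 0x01FF;

    if (type != LLDP_TLV_PORT_ID)
        return -1;
    /* Must hold the subtype plus at least one ID octet; with tlv_len == 0
     * the subtraction below would wrap to a huge memcpy() size. */
    if (tlv_len < 2 || tlv_len > 1 + PORT_ID_MAX)
        return -1;
    /* The declared length must also fit in the bytes actually received. */
    if (tlv_len > buf_len - 2)
        return -1;

    out->subtype = buf[2];
    out->id_len = tlv_len - 1;     /* safe: tlv_len >= 2 was checked above */
    memcpy(out->id, buf + 3, out->id_len);
    return 0;
}

int main(void)
{
    struct port_id p;
    const uint8_t good[] = {0x04, 0x04, 0x05, 'g', 'e', '1'}; /* constructed sample */
    const uint8_t zero[] = {0x04, 0x00};                      /* constructed: length 0 */
    printf("good=%d zero=%d\n", parse_port_id_tlv(good, sizeof good, &p),
           parse_port_id_tlv(zero, sizeof zero, &p));
    return 0;
}
```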

Do I need to act?

EPSS score: 0.64% chance of exploitation (low exploit probability)
CISA KEV: not on the list; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 9.8/10 Critical (NETWORK / LOW complexity)

Affected Products (9)

TI-PG1284i Firmware
TI-G102i Firmware
TI-G160i Firmware
TI-G642i Firmware
TI-PG102i Firmware
TI-PG541i Firmware
TI-RP262i Firmware
TEG-30102WS Firmware
TPE-30102WS Firmware

Risk score: 49 / 100 (moderate-risk)
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 15/34 · Moderate