CVE-2021-33317

moderate-risk
Published 2022-05-11

The TRENDnet TI-PG1284i switch (hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability in its LLDP-related component. Because the component fails to check whether a ChassisID TLV is contained in the packet, an attacker can crash the process by sending a crafted LLDP packet to the device.
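The missing check described above, written as a defensive validator: an added example, not TRENDnet firmware code and not part of the original advisory. The function name, error codes and sample frames are hypothetical and constructed for illustration; the TLV layout (7-bit type, 9-bit length) and the mandatory Chassis ID, Port ID, TTL ordering follow IEEE 802.1AB.

```c
#include <stddef.h>
#include <stdint.h>

enum { LLDP_END = 0, LLDP_CHASSIS_ID = 1, LLDP_PORT_ID = 2, LLDP_TTL = 3 };
enum { LLDP_OK = 0, LLDP_TRUNCATED = -1, LLDP_MISSING_MANDATORY = -2, LLDP_BAD_LENGTH = -3 };

/* Constructed samples (LLDPDU bytes following the 0x88cc EtherType). */
static const uint8_t SAMPLE_OK[] = {
    0x02, 0x07, 0x04, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, /* Chassis ID: MAC */
    0x04, 0x02, 0x07, 0x31,                               /* Port ID: local "1" */
    0x06, 0x02, 0x00, 0x78,                               /* TTL: 120 s */
    0x00, 0x00 };                                         /* End of LLDPDU */
static const uint8_t SAMPLE_NO_CHASSIS[] = { 0x04, 0x02, 0x07, 0x31, 0x06, 0x02, 0x00, 0x78, 0x00, 0x00 };

/* Walk the TLVs and require Chassis ID, Port ID, TTL as the first three, in
 * that order. Only on LLDP_OK may the caller use *chassis / *chassis_len. */
int lldp_validate(const uint8_t *pdu, size_t len, const uint8_t **chassis, size_t *chassis_len)
{
    static const int expected[3] = { LLDP_CHASSIS_ID, LLDP_PORT_ID, LLDP_TTL };
    size_t off = 0;
    int seen = 0;

    *chassis = NULL; *chassis_len = 0;
    while (off + 2 <= len) {
        int type = pdu[off] >> 1;                         /* 7-bit type */
        size_t tlv_len = ((size_t)(pdu[off] & 1) << 8) | pdu[off + 1]; /* 9-bit length */
        off += 2;
        if (tlv_len > len - off)
            return LLDP_TRUNCATED;                        /* value runs past the buffer */
        if (seen < 3) {
            if (type != expected[seen])
                return LLDP_MISSING_MANDATORY;            /* e.g. no Chassis ID TLV */
            if (type == LLDP_TTL ? tlv_len != 2 : (tlv_len < 2 || tlv_len > 256))
                return LLDP_BAD_LENGTH;                   /* IDs: subtype + 1..255 bytes */
            if (type == LLDP_CHASSIS_ID) { *chassis = pdu + off; *chassis_len = tlv_len; }
            seen++;
        } else if (type == LLDP_END) {
            return tlv_len == 0 ? LLDP_OK : LLDP_BAD_LENGTH;
        }
        off += tlv_len;
    }
    if (seen < 3) return LLDP_MISSING_MANDATORY;
    return off == len ? LLDP_OK : LLDP_TRUNCATED; /* no End TLV: accepted here if buffer ends cleanly */
}

int main(void)
{
    const uint8_t *id; size_t n;   /* exit status 0 when the constructed sample validates */
    return lldp_validate(SAMPLE_OK, sizeof SAMPLE_OK, &id, &n) == LLDP_OK ? 0 : 1;
}
```

Rejecting the frame before any code touches the Chassis ID pointer is what keeps a frame without that TLV from reaching a dereference.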

Do I need to act?

0.46% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (9)

TI-PG1284i Firmware
TI-G102i Firmware
TI-G160i Firmware
TI-G642i Firmware
TI-PG102i Firmware
TI-PG541i Firmware
TI-RP262i Firmware
TEG-30102WS Firmware
TPE-30102WS Firmware

Affected Vendors

43 / 100
moderate-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 15/34 · Moderate