// For flags

CVE-2021-33316

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.

El switch TRENDnet TI-PG1284i (hw versión v2.0R) versiones anteriores a 2.0.2.S0, sufre una vulnerabilidad de desbordamiento de enteros. Esta vulnerabilidad se presenta en su componente relacionado con lldp. Debido a una falta de comprobación apropiada en el campo de longitud del TLV ChassisID, mediante el envío de un paquete lldp diseñado al dispositivo, es producido un desbordamiento de enteros y el número negativo se pasaría a memcpy() más tarde, lo que podría causar un desbordamiento del búfer o un acceso no válido a la memoria

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-05-20 CVE Reserved
  • 2022-05-11 CVE Published
  • 2023-12-02 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
https://www.trendnet.com/support/view.asp?cat=4&id=81 2022-07-12
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Trendnet
Search vendor "Trendnet"
 Ti-pg1284i Firmware
Search vendor "Trendnet" for product "Ti-pg1284i Firmware"
 < 2.0.2.s0
Search vendor "Trendnet" for product "Ti-pg1284i Firmware" and version " < 2.0.2.s0"
-
Affected
in Trendnet
Search vendor "Trendnet"
 Ti-pg1284i
Search vendor "Trendnet" for product "Ti-pg1284i"
 2.0r
Search vendor "Trendnet" for product "Ti-pg1284i" and version "2.0r"
-
Safe
Trendnet
Search vendor "Trendnet"
 Ti-g102i Firmware
Search vendor "Trendnet" for product "Ti-g102i Firmware"
--
Affected
in Trendnet
Search vendor "Trendnet"
 Ti-g102i
Search vendor "Trendnet" for product "Ti-g102i"
--
Safe
Trendnet
Search vendor "Trendnet"
 Ti-g160i Firmware
Search vendor "Trendnet" for product "Ti-g160i Firmware"
--
Affected
in Trendnet
Search vendor "Trendnet"
 Ti-g160i
Search vendor "Trendnet" for product "Ti-g160i"
--
Safe
Trendnet
Search vendor "Trendnet"
 Ti-g642i Firmware
Search vendor "Trendnet" for product "Ti-g642i Firmware"
--
Affected
in Trendnet
Search vendor "Trendnet"
 Ti-g642i
Search vendor "Trendnet" for product "Ti-g642i"
--
Safe
Trendnet
Search vendor "Trendnet"
 Ti-pg102i Firmware
Search vendor "Trendnet" for product "Ti-pg102i Firmware"
--
Affected
in Trendnet
Search vendor "Trendnet"
 Ti-pg102i
Search vendor "Trendnet" for product "Ti-pg102i"
--
Safe
Trendnet
Search vendor "Trendnet"
 Ti-pg541i Firmware
Search vendor "Trendnet" for product "Ti-pg541i Firmware"
--
Affected
in Trendnet
Search vendor "Trendnet"
 Ti-pg541i
Search vendor "Trendnet" for product "Ti-pg541i"
--
Safe
Trendnet
Search vendor "Trendnet"
 Ti-rp262i Firmware
Search vendor "Trendnet" for product "Ti-rp262i Firmware"
--
Affected
in Trendnet
Search vendor "Trendnet"
 Ti-rp262i
Search vendor "Trendnet" for product "Ti-rp262i"
--
Safe
Trendnet
Search vendor "Trendnet"
 Teg-30102ws Firmware
Search vendor "Trendnet" for product "Teg-30102ws Firmware"
--
Affected
in Trendnet
Search vendor "Trendnet"
 Teg-30102ws
Search vendor "Trendnet" for product "Teg-30102ws"
--
Safe
Trendnet
Search vendor "Trendnet"
 Tpe-30102ws Firmware
Search vendor "Trendnet" for product "Tpe-30102ws Firmware"
--
Affected
in Trendnet
Search vendor "Trendnet"
 Tpe-30102ws
Search vendor "Trendnet" for product "Tpe-30102ws"
--
Safe