CRITICAL · 9.8

CVE-2021-33315

Vulnerability Description

The TRENDnet TI-PG1284i switch (hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability in its LLDP-related component. Because the length field of the PortID TLV is not properly validated, a crafted LLDP packet sent to the device triggers an integer underflow, and the resulting negative number is later passed to memcpy(), which may cause a buffer overflow or invalid memory access.
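The class of bug described above, next to the length checks that prevent it, as an added illustration that is not TRENDnet firmware code. The TLV layout follows IEEE 802.1AB; the function names, the sample bytes, and the assumption that the underflow comes from subtracting the subtype octet from an unvalidated length are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LLDP_TLV_PORT_ID 2    /* IEEE 802.1AB: Port ID TLV type */
#define PORT_ID_MAX      255  /* IEEE 802.1AB: port ID is 1..255 octets */

/* Constructed sample TLVs (not captured traffic). */
const uint8_t good_tlv[]     = { 0x04, 0x04, 0x05, 'g', 'e', '1' }; /* len 4 */
const uint8_t zero_len_tlv[] = { 0x04, 0x00 };                      /* len 0 */
const uint8_t short_frame[]  = { 0x04, 0x10, 0x05, 'x' };  /* len 16, 2 present */

/* Unchecked pattern (assumed): the size memcpy() would receive when the
 * subtype octet is subtracted from a TLV length that was never validated. */
size_t unchecked_copy_len(uint16_t tlv_len)
{
    int id_len = (int)tlv_len - 1;  /* -1 when tlv_len == 0 */
    return (size_t)id_len;          /* converts to SIZE_MAX */
}

/* Hardened parse of one Port ID TLV at buf[0..buf_len).
 * Returns the port ID length copied into out, or -1 if malformed. */
int parse_port_id(const uint8_t *buf, size_t buf_len,
                  uint8_t *subtype, uint8_t *out, size_t out_cap)
{
    if (buf_len < 2)
        return -1;                                /* no TLV header */
    uint16_t hdr = (uint16_t)((buf[0] << 8) | buf[1]);
    unsigned type = hdr >> 9;                     /* upper 7 bits */
    size_t tlv_len = hdr & 0x01FF;                /* lower 9 bits */
    if (type != LLDP_TLV_PORT_ID)
        return -1;
    if (tlv_len < 2 || tlv_len > 1 + PORT_ID_MAX)
        return -1;                                /* subtype + 1..255 octets */
    if (tlv_len > buf_len - 2)
        return -1;                                /* value runs past the frame */
    size_t id_len = tlv_len - 1;                  /* safe: tlv_len >= 2 */
    if (id_len > out_cap)
        return -1;                                /* destination too small */
    *subtype = buf[2];
    memcpy(out, buf + 3, id_len);
    return (int)id_len;
}

int main(void)
{
    uint8_t st, out[16];
    return parse_port_id(good_tlv, sizeof good_tlv, &st, out, sizeof out) == 3 ? 0 : 1;
}
```

The minimum-length check runs before the subtraction, so the copy size can never wrap; the remaining-bytes and destination-capacity checks bound the read and the write separately.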

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Trendnet | Ti-Pg1284I Firmware | < 2.0.2.s0
Trendnet | Ti-Pg1284I | 2.0r
Trendnet | Ti-G102I Firmware | -
Trendnet | Ti-G102I | -
Trendnet | Ti-G160I Firmware | -
Trendnet | Ti-G160I | -
Trendnet | Ti-G642I Firmware | -
Trendnet | Ti-G642I | -
Trendnet | Ti-Pg102I Firmware | -
Trendnet | Ti-Pg102I | -
Trendnet | Ti-Pg541I Firmware | -
Trendnet | Ti-Pg541I | -
Trendnet | Ti-Rp262I Firmware | -
Trendnet | Ti-Rp262I | -
Trendnet | Teg-30102Ws Firmware | -
Trendnet | Teg-30102Ws | -
Trendnet | Tpe-30102Ws Firmware | -
Trendnet | Tpe-30102Ws | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2021-33315?

CVE-2021-33315 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The TRENDnet TI-PG1284i switch (hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its LLDP-related component. Due to lack of proper valid...

How severe is CVE-2021-33315?

CVE-2021-33315 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-33315?

Check the references section above for vendor advisories and patch information. Affected products include: Trendnet Ti-Pg1284I Firmware, Trendnet Ti-Pg1284I, Trendnet Ti-G102I Firmware, Trendnet Ti-G102I, Trendnet Ti-G160I Firmware.