Vulnerability Description
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendnet | Ti-Pg1284I Firmware | < 2.0.2.s0 |
| Trendnet | Ti-Pg1284I | 2.0r |
| Trendnet | Ti-G102I Firmware | - |
| Trendnet | Ti-G102I | - |
| Trendnet | Ti-G160I Firmware | - |
| Trendnet | Ti-G160I | - |
| Trendnet | Ti-G642I Firmware | - |
| Trendnet | Ti-G642I | - |
| Trendnet | Ti-Pg102I Firmware | - |
| Trendnet | Ti-Pg102I | - |
| Trendnet | Ti-Pg541I Firmware | - |
| Trendnet | Ti-Pg541I | - |
| Trendnet | Ti-Rp262I Firmware | - |
| Trendnet | Ti-Rp262I | - |
| Trendnet | Teg-30102Ws Firmware | - |
| Trendnet | Teg-30102Ws | - |
| Trendnet | Tpe-30102Ws Firmware | - |
| Trendnet | Tpe-30102Ws | - |
Related Weaknesses (CWE)
References
- https://www.trendnet.com/support/view.asp?cat=4&id=81PatchVendor Advisory
- https://www.trendnet.com/support/view.asp?cat=4&id=81PatchVendor Advisory
FAQ
What is CVE-2021-33317?
CVE-2021-33317 is a vulnerability with a CVSS score of 7.5 (HIGH). The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check ...
How severe is CVE-2021-33317?
CVE-2021-33317 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-33317?
Check the references section above for vendor advisories and patch information. Affected products include: Trendnet Ti-Pg1284I Firmware, Trendnet Ti-Pg1284I, Trendnet Ti-G102I Firmware, Trendnet Ti-G102I, Trendnet Ti-G160I Firmware.