CVE-2021-33317

The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
trendnetti-pg1284i_firmware
𝑥
< 2.0.2.s0
trendnetti-g102i_firmware
-
trendnetti-g160i_firmware
-
trendnetti-g642i_firmware
-
trendnetti-pg102i_firmware
-
trendnetti-pg541i_firmware
-
trendnetti-rp262i_firmware
-
trendnetteg-30102ws_firmware
-
trendnettpe-30102ws_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.trendnet.com/support/view.asp?cat=4&id=81
https://www.trendnet.com/support/view.asp?cat=4&id=81