Lucene search

[email protected]CVE-2021-33317

HistoryMay 11, 2022 - 6:15 p.m.

CVE-2021-33317

2022-05-1118:15:00

CWE-476

[email protected]

web.nvd.nist.gov

cve-2021-33317

trendnet

ti-pg1284i

switch

hardware

vulnerability

null pointer

dereference

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

37.0%

JSON

The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference.

CPENameOperatorVersion
trendnet:ti-pg1284i_firmwaretrendnet ti-pg1284i firmwarelt2.0.2.s0
trendnet:ti-g102i_firmwaretrendnet ti-g102i firmwareeq-
trendnet:ti-g160i_firmwaretrendnet ti-g160i firmwareeq-
trendnet:ti-g642i_firmwaretrendnet ti-g642i firmwareeq-
trendnet:ti-pg102i_firmwaretrendnet ti-pg102i firmwareeq-
trendnet:ti-pg541i_firmwaretrendnet ti-pg541i firmwareeq-
trendnet:ti-rp262i_firmwaretrendnet ti-rp262i firmwareeq-
trendnet:teg-30102ws_firmwaretrendnet teg-30102ws firmwareeq-
trendnet:tpe-30102ws_firmwaretrendnet tpe-30102ws firmwareeq-

CPE	Name	Operator	Version
trendnet:ti-pg1284i_firmware	trendnet ti-pg1284i firmware	lt	2.0.2.s0
trendnet:ti-g102i_firmware	trendnet ti-g102i firmware	eq	-
trendnet:ti-g160i_firmware	trendnet ti-g160i firmware	eq	-
trendnet:ti-g642i_firmware	trendnet ti-g642i firmware	eq	-
trendnet:ti-pg102i_firmware	trendnet ti-pg102i firmware	eq	-
trendnet:ti-pg541i_firmware	trendnet ti-pg541i firmware	eq	-
trendnet:ti-rp262i_firmware	trendnet ti-rp262i firmware	eq	-
trendnet:teg-30102ws_firmware	trendnet teg-30102ws firmware	eq	-
trendnet:tpe-30102ws_firmware	trendnet tpe-30102ws firmware	eq	-

References

www.trendnet.com/support/view.asp?cat=4&id=81

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

37.0%

JSON

Related for CVE-2021-33317

prion1