The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00458.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a n/a affected
Version Status Constraints
n/a affected

Configuration 1 [-]

AND
cpe:2.3:o:trendnet:ti-pg1284i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:trendnet:ti-pg1284i:2.0r:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:trendnet:ti-g102i_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:trendnet:ti-g102i:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:trendnet:ti-g160i_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:trendnet:ti-g160i:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:trendnet:ti-g642i_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:trendnet:ti-g642i:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:trendnet:ti-pg102i_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:trendnet:ti-pg102i:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:trendnet:ti-pg541i_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:trendnet:ti-pg541i:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:trendnet:ti-rp262i_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:trendnet:ti-rp262i:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:trendnet:teg-30102ws_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:trendnet:teg-30102ws:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:trendnet:tpe-30102ws_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:trendnet:tpe-30102ws:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Trendnet Subscribe
Teg-30102ws Subscribe
Teg-30102ws Firmware Subscribe
Ti-g102i Subscribe
Ti-g102i Firmware Subscribe
Ti-g160i Subscribe
Ti-g160i Firmware Subscribe
Ti-g642i Subscribe
Ti-g642i Firmware Subscribe
Ti-pg102i Subscribe
Ti-pg102i Firmware Subscribe
Ti-pg1284i Subscribe
Ti-pg1284i Firmware Subscribe
Ti-pg541i Subscribe
Ti-pg541i Firmware Subscribe
Ti-rp262i Subscribe
Ti-rp262i Firmware Subscribe
Tpe-30102ws Subscribe
Tpe-30102ws Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2021-20027 The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.trendnet.com/support/view.asp?cat=4&id=81 cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-03T23:50:41.433Z

Reserved: 2021-05-20T00:00:00

Link: CVE-2021-33317

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-05-11T18:15:22.783

Modified: 2024-11-21T06:08:40.580

Link: CVE-2021-33317

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses