Vulnerability Details : CVE-2021-33315
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.
Vulnerability category: OverflowInput validation
Products affected by CVE-2021-33315
- cpe:2.3:o:trendnet:ti-pg1284i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:trendnet:ti-g102i_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:trendnet:ti-g160i_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:trendnet:ti-g642i_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:trendnet:ti-pg102i_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:trendnet:ti-pg541i_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:trendnet:ti-rp262i_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:trendnet:teg-30102ws_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:trendnet:tpe-30102ws_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-33315
0.23%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 61 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-33315
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2021-33315
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-33315
-
https://www.trendnet.com/support/view.asp?cat=4&id=81
Warranty Policy | TRENDnetPatch;Vendor Advisory
Jump to