9.8

CVE-2021-33316

The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.

Data is provided by the National Vulnerability Database (NVD)
TrendnetTi-pg1284i Firmware Version < 2.0.2.s0
   TrendnetTi-pg1284i Version2.0r
TrendnetTi-g102i Firmware Version-
   TrendnetTi-g102i Version-
TrendnetTi-g160i Firmware Version-
   TrendnetTi-g160i Version-
TrendnetTi-g642i Firmware Version-
   TrendnetTi-g642i Version-
TrendnetTi-pg102i Firmware Version-
   TrendnetTi-pg102i Version-
TrendnetTi-pg541i Firmware Version-
   TrendnetTi-pg541i Version-
TrendnetTi-rp262i Firmware Version-
   TrendnetTi-rp262i Version-
TrendnetTeg-30102ws Firmware Version-
   TrendnetTeg-30102ws Version-
TrendnetTpe-30102ws Firmware Version-
   TrendnetTpe-30102ws Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.64% 0.695
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.