First published: Wed May 11 2022(Updated: )
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Trendnet Ti-pg1284i Firmware | <2.0.2.s0 | |
TRENDnet TI-PG1284i | =2.0r | |
Trendnet Ti-g102i Firmware | ||
Trendnet Ti-g102i | ||
Trendnet Ti-g160i Firmware | ||
Trendnet Ti-g160i | ||
Trendnet Ti-g642i Firmware | ||
Trendnet Ti-g642i | ||
Trendnet Ti-pg102i Firmware | ||
Trendnet Ti-pg102i | ||
Trendnet Ti-pg541i Firmware | ||
Trendnet Ti-pg541i | ||
Trendnet Ti-rp262i Firmware | ||
Trendnet Ti-rp262i | ||
Trendnet Teg-30102ws Firmware | ||
Trendnet Teg-30102ws | ||
Trendnet Tpe-30102ws Firmware | ||
Trendnet Tpe-30102ws |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-33317 is a null pointer dereference vulnerability in the TRENDnet TI-PG1284i switch prior to version 2.0.2.S0.
The severity of CVE-2021-33317 is high, with a CVSS score of 7.5.
CVE-2021-33317 allows an attacker to cause a null pointer dereference in the lldp component of the TRENDnet TI-PG1284i switch.
No, TRENDnet TI-PG1284i switch version 2.0R is not affected by CVE-2021-33317.
Update your TRENDnet TI-PG1284i switch firmware to version 2.0.2.S0 or later to fix CVE-2021-33317.