Vulnerability Details CVE-2021-33317
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2021-33317
-
cpe:2.3:h:trendnet:teg-30102ws:-
-
cpe:2.3:h:trendnet:ti-g102i:-
-
cpe:2.3:h:trendnet:ti-g160i:-
-
cpe:2.3:h:trendnet:ti-g642i:-
-
cpe:2.3:h:trendnet:ti-pg102i:-
-
cpe:2.3:h:trendnet:ti-pg1284i:2.0r
-
cpe:2.3:h:trendnet:ti-pg541i:-
-
cpe:2.3:h:trendnet:ti-rp262i:-
-
cpe:2.3:h:trendnet:tpe-30102ws:-
-
cpe:2.3:o:trendnet:teg-30102ws_firmware:-
-
cpe:2.3:o:trendnet:ti-g102i_firmware:-
-
cpe:2.3:o:trendnet:ti-g160i_firmware:-
-
cpe:2.3:o:trendnet:ti-g642i_firmware:-
-
cpe:2.3:o:trendnet:ti-pg102i_firmware:-
-
cpe:2.3:o:trendnet:ti-pg1284i_firmware:-
-
cpe:2.3:o:trendnet:ti-pg541i_firmware:-
-
cpe:2.3:o:trendnet:ti-rp262i_firmware:-
-
cpe:2.3:o:trendnet:tpe-30102ws_firmware:-