TRENDnet TI-PG1284i prior 2.0.2.S0 lldp memcpy integer underflow

A vulnerability was found in TRENDnet TI-PG1284i. It has been classified as critical. Affected is the function memcpy of the component lldp. Upgrading to version 2.0.2.S0 eliminates this vulnerability.

| Field | 05/12/2022 12:02 PM | 05/14/2022 01:54 PM |
|---|---|---|
| vendor | TRENDnet | TRENDnet |
| name | TI-PG1284i | TI-PG1284i |
| component | lldp | lldp |
| function | memcpy | memcpy |
| cwe | 191 (memory corruption) | 191 (memory corruption) |
| risk | 2 | 2 |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| url | https://www.trendnet.com/support/view.asp?cat=4&id=81 | https://www.trendnet.com/support/view.asp?cat=4&id=81 |
| name | Upgrade | Upgrade |
| upgrade_version | 2.0.2.S0 | 2.0.2.S0 |
| cve | CVE-2021-33315 | CVE-2021-33315 |
| cve_assigned | 1621461600 | 1621461600 |
| date | 1652306400 (05/12/2022) | 1652306400 (05/12/2022) |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_av | A | A |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_av | A | A |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_e | X | X |
| cvss2_vuldb_basescore | 5.2 | 5.2 |
| cvss2_vuldb_tempscore | 4.5 | 4.5 |
| cvss3_vuldb_basescore | 5.5 | 5.5 |
| cvss3_vuldb_tempscore | 5.3 | 5.3 |
| cvss3_meta_basescore | 5.5 | 5.5 |
| cvss3_meta_tempscore | 5.3 | 5.3 |
| price_0day | $0-$5k | $0-$5k |

cve_nvd_summary: The TRENDnet TI-PG1284i switch (hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.
