TRENDnet TI-PG1284i prior 2.0.2.S0 lldp null pointer dereference

A vulnerability was found in TRENDnet TI-PG1284i. It has been rated as problematic. Affected by this issue is some unknown functionality of the component lldp. Upgrading to version 2.0.2.S0 eliminates this vulnerability.

Field05/12/2022 12:05 PM05/14/2022 02:06 PM
vendorTRENDnetTRENDnet
nameTI-PG1284iTI-PG1284i
componentlldplldp
cwe476 (denial of service)476 (denial of service)
risk11
cvss3_vuldb_acLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iNN
cvss3_vuldb_aHH
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
urlhttps://www.trendnet.com/support/view.asp?cat=4&id=81https://www.trendnet.com/support/view.asp?cat=4&id=81
nameUpgradeUpgrade
upgrade_version2.0.2.S02.0.2.S0
cveCVE-2021-33317CVE-2021-33317
cve_assigned16214616001621461600
cvss2_vuldb_acLL
cvss2_vuldb_ciNN
cvss2_vuldb_iiNN
cvss2_vuldb_aiCC
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_avAA
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss3_vuldb_avAA
cvss3_vuldb_prLL
cvss3_vuldb_eXX
cvss2_vuldb_basescore5.55.5
cvss2_vuldb_tempscore4.84.8
cvss3_vuldb_basescore5.75.7
cvss3_vuldb_tempscore5.55.5
cvss3_meta_basescore5.75.7
cvss3_meta_tempscore5.55.5
price_0day$0-$5k$0-$5k
date1652306400 (05/12/2022)1652306400 (05/12/2022)
cve_nvd_summaryThe TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference.

Interested in the pricing of exploits?

See the underground prices here!