Integer Underflow Vulnerability in TRENDnet TI-PG1284i Switch
CVE-2021-33316

9.8CRITICAL

Key Information:

Vendor: Trendnet
Status: Ti-pg1284i Firmware
Vendor: CVE Published:; 11 May 2022

What is CVE-2021-33316?

The TRENDnet TI-PG1284i switch (hw v2.0R) versions prior to 2.0.2.S0 are susceptible to an integer underflow vulnerability in their LLDP component. This flaw stems from inadequate validation of the length field in the ChassisID TLV. An attacker can exploit this by sending a specially crafted LLDP packet, which may result in an integer underflow that allows negative values to be processed by the memcpy() function. This may ultimately lead to buffer overflow or unauthorized memory access, potentially compromising the device's stability and security.

References

https://www.trendnet.com/support/view.asp?cat=4&id=81

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 11, 2022
Vulnerability Reserved
May 20, 2021

Trendnet

What is CVE-2021-33316?

References

CVSS V3.1

Timeline