Null Pointer Dereference in TRENDnet TI-PG1284i Switch
CVE-2021-33317

7.5HIGH

Key Information:

Vendor: Trendnet
Status: Ti-pg1284i Firmware
Vendor: CVE Published:; 11 May 2022

What is CVE-2021-33317?

The TRENDnet TI-PG1284i switch, specifically hardware version 2.0R and prior to version 2.0.2.S0, is susceptible to a null pointer dereference vulnerability in its LLDP (Link Layer Discovery Protocol) component. This vulnerability arises from the failure to verify the presence of a ChassisID TLV in incoming packets. An attacker can exploit this by sending specially crafted LLDP packets to the device, resulting in a crash of the device's process due to a null pointer dereference.

References

https://www.trendnet.com/support/view.asp?cat=4&id=81

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 11, 2022
Vulnerability Reserved
May 20, 2021

Trendnet

What is CVE-2021-33317?

References

CVSS V3.1

Timeline