All the vulnerabilites related to TRENDnet - TI-G160i
var-202205-0897
Vulnerability from variot
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access. ti-pg1284i firmware, ti-g102i firmware, ti-g160i firmware etc. TRENDnet The product contains an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TRENDnet TI-PG Series is a series of switches from American Trend Network (TRENDnet) company.
TRENDnet TI-PG1284i versions prior to 2.0.2.S0 have security vulnerabilities, and no detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0897",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ti-g160i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg1284i",
"scope": "lt",
"trust": 1.0,
"vendor": "trendnet",
"version": "2.0.2.s0"
},
{
"model": "ti-g642i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "teg-30102ws",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg541i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "tpe-30102ws",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-g102i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg102i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-rp262i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg102i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-g160i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg1284i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg541i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "tpe-30102ws",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "teg-30102ws",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-g102i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-g642i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-rp262i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg1284i \u003c2.0.2.s0",
"scope": null,
"trust": 0.6,
"vendor": "trendnet",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40314"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019613"
},
{
"db": "NVD",
"id": "CVE-2021-33316"
}
]
},
"cve": "CVE-2021-33316",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-33316",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-40314",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33316",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-33316",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33316",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-33316",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-40314",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-3023",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-33316",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40314"
},
{
"db": "VULMON",
"id": "CVE-2021-33316"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019613"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3023"
},
{
"db": "NVD",
"id": "CVE-2021-33316"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access. ti-pg1284i firmware, ti-g102i firmware, ti-g160i firmware etc. TRENDnet The product contains an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TRENDnet TI-PG Series is a series of switches from American Trend Network (TRENDnet) company. \n\r\n\r\nTRENDnet TI-PG1284i versions prior to 2.0.2.S0 have security vulnerabilities, and no detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33316"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019613"
},
{
"db": "CNVD",
"id": "CNVD-2022-40314"
},
{
"db": "VULMON",
"id": "CVE-2021-33316"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33316",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019613",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-40314",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3023",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-33316",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40314"
},
{
"db": "VULMON",
"id": "CVE-2021-33316"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019613"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3023"
},
{
"db": "NVD",
"id": "CVE-2021-33316"
}
]
},
"id": "VAR-202205-0897",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40314"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40314"
}
]
},
"last_update_date": "2024-08-14T14:17:58.797000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for TRENDnet TI-PG1284i Integer Underflow Vulnerability (CNVD-2022-40314)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/333691"
},
{
"title": "TRENDnet TI-PG Series Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=199825"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40314"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3023"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019613"
},
{
"db": "NVD",
"id": "CVE-2021-33316"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33316"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-33316/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/191.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40314"
},
{
"db": "VULMON",
"id": "CVE-2021-33316"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019613"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3023"
},
{
"db": "NVD",
"id": "CVE-2021-33316"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-40314"
},
{
"db": "VULMON",
"id": "CVE-2021-33316"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019613"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3023"
},
{
"db": "NVD",
"id": "CVE-2021-33316"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-40314"
},
{
"date": "2022-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33316"
},
{
"date": "2023-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019613"
},
{
"date": "2022-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3023"
},
{
"date": "2022-05-11T18:15:22.723000",
"db": "NVD",
"id": "CVE-2021-33316"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-40314"
},
{
"date": "2022-05-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33316"
},
{
"date": "2023-08-07T08:16:00",
"db": "JVNDB",
"id": "JVNDB-2021-019613"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3023"
},
{
"date": "2022-07-12T17:42:04.277000",
"db": "NVD",
"id": "CVE-2021-33316"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3023"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0TRENDnet\u00a0 Product input verification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019613"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3023"
}
],
"trust": 0.6
}
}
var-202205-0842
Vulnerability from variot
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access. ti-pg1284i firmware, ti-g102i firmware, ti-g160i firmware etc. TRENDnet The product contains an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TRENDnet TI-PG Series is a series of switches from American Trend Network (TRENDnet) company.
TRENDnet TI-PG1284i versions prior to 2.0.2.S0 have security vulnerabilities, and no detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0842",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ti-g160i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg1284i",
"scope": "lt",
"trust": 1.0,
"vendor": "trendnet",
"version": "2.0.2.s0"
},
{
"model": "ti-g642i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "teg-30102ws",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg541i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "tpe-30102ws",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-g102i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg102i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-rp262i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg102i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-g160i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg1284i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg541i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "tpe-30102ws",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "teg-30102ws",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-g102i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-g642i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-rp262i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg1284i \u003c2.0.2.s0",
"scope": null,
"trust": 0.6,
"vendor": "trendnet",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40308"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019614"
},
{
"db": "NVD",
"id": "CVE-2021-33315"
}
]
},
"cve": "CVE-2021-33315",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-33315",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-40308",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33315",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-33315",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33315",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-33315",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-40308",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-3021",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-33315",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40308"
},
{
"db": "VULMON",
"id": "CVE-2021-33315"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019614"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3021"
},
{
"db": "NVD",
"id": "CVE-2021-33315"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access. ti-pg1284i firmware, ti-g102i firmware, ti-g160i firmware etc. TRENDnet The product contains an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TRENDnet TI-PG Series is a series of switches from American Trend Network (TRENDnet) company. \n\r\n\r\nTRENDnet TI-PG1284i versions prior to 2.0.2.S0 have security vulnerabilities, and no detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33315"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019614"
},
{
"db": "CNVD",
"id": "CNVD-2022-40308"
},
{
"db": "VULMON",
"id": "CVE-2021-33315"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33315",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019614",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-40308",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3021",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-33315",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40308"
},
{
"db": "VULMON",
"id": "CVE-2021-33315"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019614"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3021"
},
{
"db": "NVD",
"id": "CVE-2021-33315"
}
]
},
"id": "VAR-202205-0842",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40308"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40308"
}
]
},
"last_update_date": "2024-08-14T15:11:27.879000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for TRENDnet TI-PG1284i Integer Underflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/333686"
},
{
"title": "TRENDnet TI-PG Series Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=199824"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40308"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3021"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019614"
},
{
"db": "NVD",
"id": "CVE-2021-33315"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33315"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-33315/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/191.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40308"
},
{
"db": "VULMON",
"id": "CVE-2021-33315"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019614"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3021"
},
{
"db": "NVD",
"id": "CVE-2021-33315"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-40308"
},
{
"db": "VULMON",
"id": "CVE-2021-33315"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019614"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3021"
},
{
"db": "NVD",
"id": "CVE-2021-33315"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-40308"
},
{
"date": "2022-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33315"
},
{
"date": "2023-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019614"
},
{
"date": "2022-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3021"
},
{
"date": "2022-05-11T18:15:22.580000",
"db": "NVD",
"id": "CVE-2021-33315"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-40308"
},
{
"date": "2022-05-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33315"
},
{
"date": "2023-08-07T08:16:00",
"db": "JVNDB",
"id": "JVNDB-2021-019614"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3021"
},
{
"date": "2022-07-12T17:42:04.277000",
"db": "NVD",
"id": "CVE-2021-33315"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3021"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0TRENDnet\u00a0 Product input verification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019614"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3021"
}
],
"trust": 0.6
}
}
var-202205-0578
Vulnerability from variot
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference. ti-pg1284i firmware, ti-g102i firmware, ti-g160i firmware etc. TRENDnet TI-PG Series is a series of switches from American Trend Network (TRENDnet) company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0578",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ti-g160i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg1284i",
"scope": "lt",
"trust": 1.0,
"vendor": "trendnet",
"version": "2.0.2.s0"
},
{
"model": "ti-g642i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "teg-30102ws",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg541i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "tpe-30102ws",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-g102i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg102i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-rp262i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg102i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-g160i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg1284i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg541i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "tpe-30102ws",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "teg-30102ws",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-g102i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-g642i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-rp262i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg1284i \u003c2.0.2.s0",
"scope": null,
"trust": 0.6,
"vendor": "trendnet",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40315"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019612"
},
{
"db": "NVD",
"id": "CVE-2021-33317"
}
]
},
"cve": "CVE-2021-33317",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-33317",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-40315",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33317",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-33317",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33317",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-33317",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-40315",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-3024",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-33317",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40315"
},
{
"db": "VULMON",
"id": "CVE-2021-33317"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019612"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3024"
},
{
"db": "NVD",
"id": "CVE-2021-33317"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference. ti-pg1284i firmware, ti-g102i firmware, ti-g160i firmware etc. TRENDnet TI-PG Series is a series of switches from American Trend Network (TRENDnet) company",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33317"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019612"
},
{
"db": "CNVD",
"id": "CNVD-2022-40315"
},
{
"db": "VULMON",
"id": "CVE-2021-33317"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33317",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019612",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-40315",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3024",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-33317",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40315"
},
{
"db": "VULMON",
"id": "CVE-2021-33317"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019612"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3024"
},
{
"db": "NVD",
"id": "CVE-2021-33317"
}
]
},
"id": "VAR-202205-0578",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40315"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40315"
}
]
},
"last_update_date": "2024-08-14T15:42:25.701000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for TRENDnet TI-PG1284i Null Pointer Dereference Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/333696"
},
{
"title": "TRENDnet TI-PG1284i Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193704"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40315"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3024"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019612"
},
{
"db": "NVD",
"id": "CVE-2021-33317"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33317"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-33317/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40315"
},
{
"db": "VULMON",
"id": "CVE-2021-33317"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019612"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3024"
},
{
"db": "NVD",
"id": "CVE-2021-33317"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-40315"
},
{
"db": "VULMON",
"id": "CVE-2021-33317"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019612"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3024"
},
{
"db": "NVD",
"id": "CVE-2021-33317"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-40315"
},
{
"date": "2022-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33317"
},
{
"date": "2023-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019612"
},
{
"date": "2022-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3024"
},
{
"date": "2022-05-11T18:15:22.783000",
"db": "NVD",
"id": "CVE-2021-33317"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-40315"
},
{
"date": "2022-05-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33317"
},
{
"date": "2023-08-07T08:16:00",
"db": "JVNDB",
"id": "JVNDB-2021-019612"
},
{
"date": "2022-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3024"
},
{
"date": "2022-05-20T15:38:02.560000",
"db": "NVD",
"id": "CVE-2021-33317"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3024"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0TRENDnet\u00a0 In the product \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019612"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3024"
}
],
"trust": 0.6
}
}
cve-2021-33316
Vulnerability from cvelistv5
Published
2022-05-11 17:34
Modified
2024-08-03 23:50
Severity ?
EPSS score ?
Summary
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.trendnet.com/support/view.asp?cat=4&id=81 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:41.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T17:34:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81",
"refsource": "MISC",
"url": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33316",
"datePublished": "2022-05-11T17:34:24",
"dateReserved": "2021-05-20T00:00:00",
"dateUpdated": "2024-08-03T23:50:41.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-8731
Vulnerability from cvelistv5
Published
2025-08-08 15:32
Modified
2025-08-13 08:18
Severity ?
8.9 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RC:R
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RC:R
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RC:R
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RC:R
EPSS score ?
Summary
TRENDnet TI-G160i/TI-PG102i/TPL-430AP SSH Service default credentials
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319227 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319227 | signature, permissions-required | |
| https://vuldb.com/?submit.621749 | third-party-advisory | |
| https://github.com/Nicholas-wei/bug-discovery/blob/main/trendnet/TPL-430AP_FW1.0.1/trendnet_several_vulns.pdf | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8731",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-08T16:04:22.541132Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T16:04:34.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"SSH Service"
],
"product": "TI-G160i",
"vendor": "TRENDnet",
"versions": [
{
"status": "affected",
"version": "20250724"
}
]
},
{
"modules": [
"SSH Service"
],
"product": "TI-PG102i",
"vendor": "TRENDnet",
"versions": [
{
"status": "affected",
"version": "20250724"
}
]
},
{
"modules": [
"SSH Service"
],
"product": "TPL-430AP",
"vendor": "TRENDnet",
"versions": [
{
"status": "affected",
"version": "20250724"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "nich0las (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains: \"For product TI-PG102i and TI-G160i, by default, the product\u0027s remote management options are all disabled. The root account is for troubleshooting purpose and the password is encrypted. However, we will remove the root account from the next firmware release. For product TPL-430AP, the initial setup process requires user to set the password for the management GUI. Once that was done, the default password will be invalid.\""
},
{
"lang": "de",
"value": "Es geht dabei um eine nicht klar definierte Funktion der Komponente SSH Service. Durch das Manipulieren mit unbekannten Daten kann eine use of default credentials-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Die wahre Existenz der vermeintlichen Schwachstelle wird zur Zeit in Frage gestellt."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T08:18:21.779Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319227 | TRENDnet TI-G160i/TI-PG102i/TPL-430AP SSH Service default credentials",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319227"
},
{
"name": "VDB-319227 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319227"
},
{
"name": "Submit #621749 | trendnet TI-G160i,TI-PG102i,TPL-430AP TI-G160i with version v1_1.0.5.S0,TI-PG102i with version v1_1.0.11, v1_1.0.13 and v1_1.0.15,TPL-430AP with version 1.0.1 Use of Default Credentials",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.621749"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Nicholas-wei/bug-discovery/blob/main/trendnet/TPL-430AP_FW1.0.1/trendnet_several_vulns.pdf"
}
],
"tags": [
"disputed"
],
"timeline": [
{
"lang": "en",
"time": "2025-08-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-13T10:23:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "TRENDnet TI-G160i/TI-PG102i/TPL-430AP SSH Service default credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8731",
"datePublished": "2025-08-08T15:32:05.773Z",
"dateReserved": "2025-08-08T07:45:03.332Z",
"dateUpdated": "2025-08-13T08:18:21.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33317
Vulnerability from cvelistv5
Published
2022-05-11 17:34
Modified
2024-08-03 23:50
Severity ?
EPSS score ?
Summary
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.trendnet.com/support/view.asp?cat=4&id=81 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:41.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T17:34:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81",
"refsource": "MISC",
"url": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33317",
"datePublished": "2022-05-11T17:34:25",
"dateReserved": "2021-05-20T00:00:00",
"dateUpdated": "2024-08-03T23:50:41.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33315
Vulnerability from cvelistv5
Published
2022-05-11 17:34
Modified
2024-08-03 23:50
Severity ?
EPSS score ?
Summary
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.trendnet.com/support/view.asp?cat=4&id=81 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:41.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T17:34:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81",
"refsource": "MISC",
"url": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33315",
"datePublished": "2022-05-11T17:34:24",
"dateReserved": "2021-05-20T00:00:00",
"dateUpdated": "2024-08-03T23:50:41.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}