CVE-2021-33315
Vulnerability from cvelistv5
Published
2022-05-11 17:34
Modified
2024-08-03 23:50
Severity ?
EPSS score ?
Summary
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.trendnet.com/support/view.asp?cat=4&id=81 | Patch, Vendor Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:41.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T17:34:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81",
"refsource": "MISC",
"url": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33315",
"datePublished": "2022-05-11T17:34:24",
"dateReserved": "2021-05-20T00:00:00",
"dateUpdated": "2024-08-03T23:50:41.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-33315\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-05-11T18:15:22.580\",\"lastModified\":\"2022-07-12T17:42:04.277\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.\"},{\"lang\":\"es\",\"value\":\"El switch TRENDnet TI-PG1284i (hw versi\u00f3n v2.0R) versiones anteriores a 2.0.2.S0, sufre una vulnerabilidad de desbordamiento de enteros. Esta vulnerabilidad se presenta en su componente relacionado con lldp. Debido a una falta de comprobaci\u00f3n apropiada en el campo de longitud del TLV PortID, mediante el env\u00edo de un paquete lldp dise\u00f1ado al dispositivo, es producido un desbordamiento de enteros y el n\u00famero negativo es pasado a memcpy() m\u00e1s tarde, lo que podr\u00eda causar un desbordamiento del b\u00fafer o un acceso a la memoria no v\u00e1lido\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:trendnet:ti-pg1284i_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.2.s0\",\"matchCriteriaId\":\"E00528D5-3C8F-4AD9-AA39-DB45DD5F11EE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:trendnet:ti-pg1284i:2.0r:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CA516E3-DBB2-47F9-BBAB-101D89111085\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:trendnet:ti-g102i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA4B9F79-2514-4460-B039-7814F0058426\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:trendnet:ti-g102i_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB15E6B1-FB33-4CC2-90AA-5F1C8A730060\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:trendnet:ti-g160i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A61362FA-0D38-4A24-B9B8-B0092CA1B6ED\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:trendnet:ti-g160i_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC8EABC3-67F8-4C86-BEF7-F1863A80DBBB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:trendnet:ti-g642i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44434E86-E69C-417E-84C4-64BCD8C03002\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:trendnet:ti-g642i_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F06A138-BD87-4F6D-A90A-0ED3C2C51176\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:trendnet:ti-pg102i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C90DA4A-E297-4ABB-BDAE-71F29BD7D610\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:trendnet:ti-pg102i_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0541C592-59AA-450B-AD5A-A4993CCA1892\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:trendnet:ti-pg541i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59C28218-15BE-47E6-B9BD-79C8D0E89967\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:trendnet:ti-pg541i_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0B92180-6071-4F1F-B481-0AECCCC62F25\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:trendnet:ti-rp262i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16B102EC-44F0-4BCE-B3E2-B0558190B8AC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:trendnet:ti-rp262i_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB731996-395D-4157-81F3-23ED0F2D9C65\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:trendnet:teg-30102ws:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF0A9BE8-6F50-4332-97A4-A5328463DD06\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:trendnet:teg-30102ws_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"800EB91D-D8EE-4EC4-A477-A8E853C9A1CA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:trendnet:tpe-30102ws:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3A48184-1480-4F37-9055-F5AA4DA25F00\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:trendnet:tpe-30102ws_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88281192-60D8-400F-A815-996481E69201\"}]}]}],\"references\":[{\"url\":\"https://www.trendnet.com/support/view.asp?cat=4\u0026id=81\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.