var-202205-0842
Vulnerability from variot
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access. ti-pg1284i firmware, ti-g102i firmware, ti-g160i firmware etc. TRENDnet The product contains an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TRENDnet TI-PG Series is a series of switches from American Trend Network (TRENDnet) company.
TRENDnet TI-PG1284i versions prior to 2.0.2.S0 have security vulnerabilities, and no detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0842",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ti-g160i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg1284i",
"scope": "lt",
"trust": 1.0,
"vendor": "trendnet",
"version": "2.0.2.s0"
},
{
"model": "ti-g642i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "teg-30102ws",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg541i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "tpe-30102ws",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-g102i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg102i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-rp262i",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg102i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-g160i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg1284i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg541i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "tpe-30102ws",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "teg-30102ws",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-g102i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-g642i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-rp262i",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "ti-pg1284i \u003c2.0.2.s0",
"scope": null,
"trust": 0.6,
"vendor": "trendnet",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40308"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019614"
},
{
"db": "NVD",
"id": "CVE-2021-33315"
}
]
},
"cve": "CVE-2021-33315",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-33315",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-40308",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33315",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-33315",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33315",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-33315",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-40308",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-3021",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-33315",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40308"
},
{
"db": "VULMON",
"id": "CVE-2021-33315"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019614"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3021"
},
{
"db": "NVD",
"id": "CVE-2021-33315"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access. ti-pg1284i firmware, ti-g102i firmware, ti-g160i firmware etc. TRENDnet The product contains an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TRENDnet TI-PG Series is a series of switches from American Trend Network (TRENDnet) company. \n\r\n\r\nTRENDnet TI-PG1284i versions prior to 2.0.2.S0 have security vulnerabilities, and no detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33315"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019614"
},
{
"db": "CNVD",
"id": "CNVD-2022-40308"
},
{
"db": "VULMON",
"id": "CVE-2021-33315"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33315",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019614",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-40308",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3021",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-33315",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40308"
},
{
"db": "VULMON",
"id": "CVE-2021-33315"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019614"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3021"
},
{
"db": "NVD",
"id": "CVE-2021-33315"
}
]
},
"id": "VAR-202205-0842",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40308"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40308"
}
]
},
"last_update_date": "2024-08-14T15:11:27.879000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for TRENDnet TI-PG1284i Integer Underflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/333686"
},
{
"title": "TRENDnet TI-PG Series Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=199824"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40308"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3021"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019614"
},
{
"db": "NVD",
"id": "CVE-2021-33315"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.trendnet.com/support/view.asp?cat=4\u0026id=81"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33315"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-33315/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/191.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-40308"
},
{
"db": "VULMON",
"id": "CVE-2021-33315"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019614"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3021"
},
{
"db": "NVD",
"id": "CVE-2021-33315"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-40308"
},
{
"db": "VULMON",
"id": "CVE-2021-33315"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019614"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3021"
},
{
"db": "NVD",
"id": "CVE-2021-33315"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-40308"
},
{
"date": "2022-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33315"
},
{
"date": "2023-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019614"
},
{
"date": "2022-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3021"
},
{
"date": "2022-05-11T18:15:22.580000",
"db": "NVD",
"id": "CVE-2021-33315"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-40308"
},
{
"date": "2022-05-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33315"
},
{
"date": "2023-08-07T08:16:00",
"db": "JVNDB",
"id": "JVNDB-2021-019614"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3021"
},
{
"date": "2022-07-12T17:42:04.277000",
"db": "NVD",
"id": "CVE-2021-33315"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3021"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0TRENDnet\u00a0 Product input verification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019614"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3021"
}
],
"trust": 0.6
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.