Vulnerabilities > CVE-2021-33317 - NULL Pointer Dereference vulnerability in Trendnet products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

trendnet

CWE-476

NVD

Published: 2022-05-11

Updated: 2022-05-20

Summary

The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference.

Vulnerable Configurations

Part	Description	Count
OS	Trendnet Trendnet TI Pg1284I Firmware * Trendnet TI G102I Firmware - Trendnet TI G160I Firmware - Trendnet TI G642I Firmware - Trendnet TI Pg102I Firmware - Trendnet TI Pg541I Firmware - Trendnet TI Rp262I Firmware - Trendnet TEG 30102Ws Firmware - Trendnet TPE 30102Ws Firmware -	9
Hardware	Trendnet Trendnet TI Pg1284I 2.0R Trendnet TI G102I - Trendnet TI G160I - Trendnet TI G642I - Trendnet TI Pg102I - Trendnet TI Pg541I - Trendnet TI Rp262I - Trendnet TEG 30102Ws - Trendnet TPE 30102Ws -	9

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://www.trendnet.com/support/view.asp?cat=4&id=81