Details of VAR-202205-0842

ID

VAR-202205-0842

CVE

CVE-2021-33315

TITLE

plural TRENDnet Product input verification vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-019614

DESCRIPTION

The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access. ti-pg1284i firmware, ti-g102i firmware, ti-g160i firmware etc. TRENDnet The product contains an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TRENDnet TI-PG Series is a series of switches from American Trend Network (TRENDnet) company. TRENDnet TI-PG1284i versions prior to 2.0.2.S0 have security vulnerabilities, and no detailed vulnerability details are currently provided

Trust: 2.25

sources: NVD: CVE-2021-33315 // JVNDB: JVNDB-2021-019614 // CNVD: CNVD-2022-40308 // VULMON: CVE-2021-33315

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-40308

AFFECTED PRODUCTS

vendor:	trendnet	model:	ti-g160i	scope:	eq	version:	-	Trust: 1.0
vendor:	trendnet	model:	ti-pg1284i	scope:	lt	version:	2.0.2.s0	Trust: 1.0
vendor:	trendnet	model:	ti-g642i	scope:	eq	version:	-	Trust: 1.0
vendor:	trendnet	model:	teg-30102ws	scope:	eq	version:	-	Trust: 1.0
vendor:	trendnet	model:	ti-pg541i	scope:	eq	version:	-	Trust: 1.0
vendor:	trendnet	model:	tpe-30102ws	scope:	eq	version:	-	Trust: 1.0
vendor:	trendnet	model:	ti-g102i	scope:	eq	version:	-	Trust: 1.0
vendor:	trendnet	model:	ti-pg102i	scope:	eq	version:	-	Trust: 1.0
vendor:	trendnet	model:	ti-rp262i	scope:	eq	version:	-	Trust: 1.0
vendor:	trendnet	model:	ti-pg102i	scope:	-	version:	-	Trust: 0.8
vendor:	trendnet	model:	ti-g160i	scope:	-	version:	-	Trust: 0.8
vendor:	trendnet	model:	ti-pg1284i	scope:	-	version:	-	Trust: 0.8
vendor:	trendnet	model:	ti-pg541i	scope:	-	version:	-	Trust: 0.8
vendor:	trendnet	model:	tpe-30102ws	scope:	-	version:	-	Trust: 0.8
vendor:	trendnet	model:	teg-30102ws	scope:	-	version:	-	Trust: 0.8
vendor:	trendnet	model:	ti-g102i	scope:	-	version:	-	Trust: 0.8
vendor:	trendnet	model:	ti-g642i	scope:	-	version:	-	Trust: 0.8
vendor:	trendnet	model:	ti-rp262i	scope:	-	version:	-	Trust: 0.8
vendor:	trendnet	model:	ti-pg1284i <2.0.2.s0	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-40308 // JVNDB: JVNDB-2021-019614 // NVD: CVE-2021-33315

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33315
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-33315
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2022-40308
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202205-3021
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-33315
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-33315
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-40308
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-33315
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33315
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-40308 // VULMON: CVE-2021-33315 // JVNDB: JVNDB-2021-019614 // CNNVD: CNNVD-202205-3021 // NVD: CVE-2021-33315

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-019614 // NVD: CVE-2021-33315

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3021

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202205-3021

PATCH

title:	Patch for TRENDnet TI-PG1284i Integer Underflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/333686	Trust: 0.6
title:	TRENDnet TI-PG Series Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=199824	Trust: 0.6

sources: CNVD: CNVD-2022-40308 // CNNVD: CNNVD-202205-3021

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33315	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-019614	Trust: 0.8
db:	CNVD	id:	CNVD-2022-40308	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-3021	Trust: 0.6
db:	VULMON	id:	CVE-2021-33315	Trust: 0.1

sources: CNVD: CNVD-2022-40308 // VULMON: CVE-2021-33315 // JVNDB: JVNDB-2021-019614 // CNNVD: CNNVD-202205-3021 // NVD: CVE-2021-33315

REFERENCES

url:	https://www.trendnet.com/support/view.asp?cat=4&id=81	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33315	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2021-33315/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/191.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-40308 // VULMON: CVE-2021-33315 // JVNDB: JVNDB-2021-019614 // CNNVD: CNNVD-202205-3021 // NVD: CVE-2021-33315

SOURCES

db:	CNVD	id:	CNVD-2022-40308
db:	VULMON	id:	CVE-2021-33315
db:	JVNDB	id:	JVNDB-2021-019614
db:	CNNVD	id:	CNNVD-202205-3021
db:	NVD	id:	CVE-2021-33315

LAST UPDATE DATE

2024-08-14T15:11:27.879000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-40308	date:	2022-05-24T00:00:00
db:	VULMON	id:	CVE-2021-33315	date:	2022-05-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-019614	date:	2023-08-07T08:16:00
db:	CNNVD	id:	CNNVD-202205-3021	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-33315	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-40308	date:	2022-05-25T00:00:00
db:	VULMON	id:	CVE-2021-33315	date:	2022-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2021-019614	date:	2023-08-07T00:00:00
db:	CNNVD	id:	CNNVD-202205-3021	date:	2022-05-11T00:00:00
db:	NVD	id:	CVE-2021-33315	date:	2022-05-11T18:15:22.580