Details of VAR-202205-0897

ID

VAR-202205-0897

CVE

CVE-2021-33316

TITLE

plural TRENDnet Product input verification vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-019613

DESCRIPTION

The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access. ti-pg1284i firmware, ti-g102i firmware, ti-g160i firmware etc. TRENDnet The product contains an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TRENDnet TI-PG Series is a series of switches from American Trend Network (TRENDnet) company. TRENDnet TI-PG1284i versions prior to 2.0.2.S0 have security vulnerabilities, and no detailed vulnerability details are currently provided

Trust: 2.25

sources: NVD: CVE-2021-33316 // JVNDB: JVNDB-2021-019613 // CNVD: CNVD-2022-40314 // VULMON: CVE-2021-33316

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-40314

AFFECTED PRODUCTS

vendor:	trendnet	model:	ti-g160i	scope:	eq	version:	-	Trust: 1.0
vendor:	trendnet	model:	ti-pg1284i	scope:	lt	version:	2.0.2.s0	Trust: 1.0
vendor:	trendnet	model:	ti-g642i	scope:	eq	version:	-	Trust: 1.0
vendor:	trendnet	model:	teg-30102ws	scope:	eq	version:	-	Trust: 1.0
vendor:	trendnet	model:	ti-pg541i	scope:	eq	version:	-	Trust: 1.0
vendor:	trendnet	model:	tpe-30102ws	scope:	eq	version:	-	Trust: 1.0
vendor:	trendnet	model:	ti-g102i	scope:	eq	version:	-	Trust: 1.0
vendor:	trendnet	model:	ti-pg102i	scope:	eq	version:	-	Trust: 1.0
vendor:	trendnet	model:	ti-rp262i	scope:	eq	version:	-	Trust: 1.0
vendor:	trendnet	model:	ti-pg102i	scope:	-	version:	-	Trust: 0.8
vendor:	trendnet	model:	ti-g160i	scope:	-	version:	-	Trust: 0.8
vendor:	trendnet	model:	ti-pg1284i	scope:	-	version:	-	Trust: 0.8
vendor:	trendnet	model:	ti-pg541i	scope:	-	version:	-	Trust: 0.8
vendor:	trendnet	model:	tpe-30102ws	scope:	-	version:	-	Trust: 0.8
vendor:	trendnet	model:	teg-30102ws	scope:	-	version:	-	Trust: 0.8
vendor:	trendnet	model:	ti-g102i	scope:	-	version:	-	Trust: 0.8
vendor:	trendnet	model:	ti-g642i	scope:	-	version:	-	Trust: 0.8
vendor:	trendnet	model:	ti-rp262i	scope:	-	version:	-	Trust: 0.8
vendor:	trendnet	model:	ti-pg1284i <2.0.2.s0	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-40314 // JVNDB: JVNDB-2021-019613 // NVD: CVE-2021-33316

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33316
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-33316
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2022-40314
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202205-3023
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-33316
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-33316
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-40314
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-33316
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33316
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-40314 // VULMON: CVE-2021-33316 // JVNDB: JVNDB-2021-019613 // CNNVD: CNNVD-202205-3023 // NVD: CVE-2021-33316

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-019613 // NVD: CVE-2021-33316

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3023

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202205-3023

PATCH

title:	Patch for TRENDnet TI-PG1284i Integer Underflow Vulnerability (CNVD-2022-40314)	url:	https://www.cnvd.org.cn/patchInfo/show/333691	Trust: 0.6
title:	TRENDnet TI-PG Series Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=199825	Trust: 0.6

sources: CNVD: CNVD-2022-40314 // CNNVD: CNNVD-202205-3023

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33316	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-019613	Trust: 0.8
db:	CNVD	id:	CNVD-2022-40314	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-3023	Trust: 0.6
db:	VULMON	id:	CVE-2021-33316	Trust: 0.1

sources: CNVD: CNVD-2022-40314 // VULMON: CVE-2021-33316 // JVNDB: JVNDB-2021-019613 // CNNVD: CNNVD-202205-3023 // NVD: CVE-2021-33316

REFERENCES

url:	https://www.trendnet.com/support/view.asp?cat=4&id=81	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33316	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2021-33316/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/191.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-40314 // VULMON: CVE-2021-33316 // JVNDB: JVNDB-2021-019613 // CNNVD: CNNVD-202205-3023 // NVD: CVE-2021-33316

SOURCES

db:	CNVD	id:	CNVD-2022-40314
db:	VULMON	id:	CVE-2021-33316
db:	JVNDB	id:	JVNDB-2021-019613
db:	CNNVD	id:	CNNVD-202205-3023
db:	NVD	id:	CVE-2021-33316

LAST UPDATE DATE

2024-08-14T14:17:58.797000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-40314	date:	2022-05-24T00:00:00
db:	VULMON	id:	CVE-2021-33316	date:	2022-05-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-019613	date:	2023-08-07T08:16:00
db:	CNNVD	id:	CNNVD-202205-3023	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-33316	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-40314	date:	2022-05-25T00:00:00
db:	VULMON	id:	CVE-2021-33316	date:	2022-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2021-019613	date:	2023-08-07T00:00:00
db:	CNNVD	id:	CNNVD-202205-3023	date:	2022-05-11T00:00:00
db:	NVD	id:	CVE-2021-33316	date:	2022-05-11T18:15:22.723