Headline
CVE-2021-33315: Warranty Policy | TRENDnet
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.
Buffer overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) on some of the L2 Managed Industrial Switches
TRENDnet has released firmware patches for buffer overflowvulnerabilities in the Link Layer Discovery Protocol (LLDP) on the following L2Managed Industrial Switches.
CVE ID: Not available
TI-G102i hardware version: V1.0R
Download Link: https://www.trendnet.com/support/support-detail.asp?prod=180_TI-G102i
TI-G160i hardware version: V1.0R
Download Link: https://www.trendnet.com/support/support-detail.asp?prod=110_TI-G160i
TI-G642i hardware version: V1.0R
Download Link: https://www.trendnet.com/support/support-detail.asp?prod=185_TI-G642i
TI-PG102i hardware version: V1.0R
Download Link: https://www.trendnet.com/support/support-detail.asp?prod=105_TI-PG102i
TI-PG541i hardware version: V1.0R
Download Link: https://www.trendnet.com/support/support-detail.asp?prod=145_TI-PG541i
TI-PG1284i hardware version: V2.0R
Download Link: https://www.trendnet.com/support/support-detail.asp?prod=160_TI-PG1284i
TI-RP262i hardware version: V1.0R
Download Link: https://www.trendnet.com/support/support-detail.asp?prod=110_TI-RP262i
TEG-30102WS hardware version: V1.0R
Download Link: https://www.trendnet.com/support/support-detail.asp?prod=230_TEG-30102WS
TPE-30102WS hardware version: V1.0R
Download Link: https://www.trendnet.com/support/support-detail.asp?prod=225_TPE-30102WS
Acknowledgements: Qian Chen of Qihoo 360 Nirvan Team
Revision:
05/24/2021: added TEG-30102WS and TPE-30102WS
04/20/2021: Initial release.