CVE-2021-33315

Name of the Vulnerable Software and Affected Versions TRENDnet TI-PG1284i switch (hw v2.0R) versions prior to 2.0.2.S0

Description The issue exists in the lldp related component of the switch due to a lack of proper validation on the length field of PortID TLV. By sending a crafted lldp packet to the device, an integer underflow would occur, and a negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.

Recommendations For versions prior to 2.0.2.S0, update to version 2.0.2.S0 or later to resolve the issue. As a temporary workaround, consider restricting access to the lldp related component to minimize the risk of exploitation.