CVE-2021-33317

Name of the Vulnerable Software and Affected Versions TRENDnet TI-PG1284i switch (hw v2.0R) versions prior to 2.0.2.S0

Description The issue exists in the lldp related component of the switch due to a failure to check if the ChassisID TLV is contained in a packet. By sending a crafted lldp packet to the device, an attacker can cause a null pointer dereference, leading to a process crash.

Recommendations For versions prior to 2.0.2.S0, update to version 2.0.2.S0 or later to resolve the issue. As a temporary workaround, consider restricting access to the lldp component to minimize the risk of exploitation.