CVE-2021-33315

9.8 CRITICAL

📋 TL;DR

CVE-2021-33315 is a critical integer underflow vulnerability in TRENDnet TI-PG1284i switches that allows remote attackers to trigger buffer overflow or invalid memory access via crafted LLDP packets. This affects TRENDnet TI-PG1284i hardware version 2.0R switches running firmware versions prior to 2.0.2.S0. Attackers can potentially execute arbitrary code or crash the device.

💻 Affected Systems

Products:
  • TRENDnet TI-PG1284i
Versions: All versions prior to 2.0.2.S0
Operating Systems: Embedded switch firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Hardware version 2.0R only. LLDP is typically enabled by default on managed switches.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, network disruption, or lateral movement within the network.

🟠 Likely Case

Device crash causing network outage, denial of service affecting connected devices.

🟢 If Mitigated

Limited impact if network segmentation prevents LLDP packet access to vulnerable switches.

🌐 Internet-Facing: HIGH - LLDP is typically enabled by default and can be exploited remotely if switches are exposed.
🏢 Internal Only: HIGH - Internal attackers or compromised devices can exploit this vulnerability via network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted LLDP packets to the vulnerable switch.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.2.S0

Vendor Advisory: https://www.trendnet.com/support/view.asp?cat=4&id=81

Restart Required: Yes

Instructions:

1. Download firmware version 2.0.2.S0 from TRENDnet support site.
2. Log into switch web interface.
3. Navigate to System > Firmware Upgrade.
4. Upload and apply the new firmware.
5. Reboot the switch.

🔧 Temporary Workarounds

Disable LLDP

all

Disable Link Layer Discovery Protocol to prevent exploitation via crafted packets.

configure terminal
no lldp run
end
write memory

Network Segmentation

all

Isolate vulnerable switches from untrusted networks using VLANs or firewalls.

🧯 If You Can't Patch

  • Implement strict network access controls to limit LLDP traffic to trusted sources only.
  • Monitor network traffic for anomalous LLDP packets and implement intrusion detection.

🔍 How to Verify

Check if Vulnerable:

Check the firmware version via the web interface: System > Firmware Information. If the version is below 2.0.2.S0, the device is vulnerable.

Check Version:

show version (via CLI) or check web interface System > Firmware Information

Verify Fix Applied:

After patching, verify firmware version shows 2.0.2.S0 and test LLDP functionality if required.

📡 Detection & Monitoring

Log Indicators:

  • Switch crash logs
  • LLDP protocol errors
  • Memory access violation logs

Network Indicators:

  • Unusual LLDP packets with malformed PortID TLV fields
  • LLDP traffic from unexpected sources

SIEM Query:

source="switch_logs" AND ("crash" OR "lldp error" OR "memory violation")
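
One way to check for the "malformed PortID TLV" network indicator listed above, as an added example that is not taken from the vendor advisory or from this page's source: a validator that walks an LLDPDU and flags TLV lengths outside the bounds IEEE 802.1AB sets for the mandatory TLVs. The function names and sample frames are constructed for illustration; the page does not state which malformed value triggers the bug, so the check covers spec conformance only.

```python
import struct

# Length bounds (value bytes only) for the mandatory TLVs, per IEEE 802.1AB.
# Chassis ID / Port ID: 1 subtype byte + 1..255 ID bytes. TTL: exactly 2.
BOUNDS = {0: (0, 0), 1: (2, 256), 2: (2, 256), 3: (2, 2)}
NAMES = {0: "End", 1: "ChassisID", 2: "PortID", 3: "TTL"}


def check_lldpdu(payload: bytes) -> list:
    """Walk the TLVs of an LLDPDU (the bytes after EtherType 0x88cc) and
    return a list of findings; an empty list means it is well-formed."""
    findings, seen, off = [], [], 0
    while off < len(payload):
        if len(payload) - off < 2:
            findings.append(f"truncated TLV header at offset {off}")
            break
        (hdr,) = struct.unpack_from("!H", payload, off)
        tlv_type, tlv_len = hdr >> 9, hdr & 0x1FF  # 7-bit type, 9-bit length
        off += 2
        name = NAMES.get(tlv_type, f"type {tlv_type}")
        if tlv_len > len(payload) - off:  # declared length runs past the frame
            findings.append(f"{name}: length {tlv_len} exceeds remaining "
                            f"{len(payload) - off} bytes")
            break
        lo, hi = BOUNDS.get(tlv_type, (0, 511))
        if not lo <= tlv_len <= hi:
            findings.append(f"{name}: length {tlv_len} outside {lo}..{hi}")
        seen.append(tlv_type)
        if tlv_type == 0:  # End of LLDPDU
            break
        off += tlv_len
    if seen[:3] != [1, 2, 3]:
        findings.append("mandatory ChassisID, PortID, TTL TLVs not first")
    return findings


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Build one TLV (used only to construct the sample LLDPDUs below)."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


# Constructed sample LLDPDUs for exercising the validator, not captured traffic.
GOOD = (tlv(1, b"\x04\x00\x11\x22\x33\x44\x55") + tlv(2, b"\x05ge1")
        + tlv(3, b"\x00\x78") + tlv(0, b""))
SHORT_PORT_ID = (tlv(1, b"\x04\x00\x11\x22\x33\x44\x55") + tlv(2, b"")
                 + tlv(3, b"\x00\x78") + tlv(0, b""))
TRUNCATED = GOOD[:9] + struct.pack("!H", (2 << 9) | 40) + b"\x05ge1"
```

Feed `check_lldpdu` the payload of frames captured on a monitoring port with EtherType 0x88cc, and alert on any non-empty result together with the source MAC address.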
