CVE-2021-33317

7.5 HIGH

📋 TL;DR

This vulnerability allows remote attackers to crash the LLDP process on TRENDnet TI-PG1284i switches by sending specially crafted LLDP packets that trigger a null pointer dereference. Affected organizations are those using TRENDnet TI-PG1284i hardware version 2.0R switches with firmware older than version 2.0.2.S0.

💻 Affected Systems

Products:
  • TRENDnet TI-PG1284i switch
Versions: All versions prior to 2.0.2.S0
Operating Systems: Embedded switch firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Hardware version 2.0R specifically; LLDP is typically enabled by default on managed switches.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Denial of service affecting network switch management functionality, potentially disrupting LLDP-based network discovery and topology mapping.

🟠 Likely Case

Service disruption of the LLDP process causing temporary loss of neighbor discovery capabilities until process restart.

🟢 If Mitigated

Minimal impact if switches are patched or network segmentation prevents unauthorized LLDP packet injection.

🌐 Internet-Facing: MEDIUM - While LLDP typically operates on internal networks, misconfigured interfaces or VLANs could expose the vulnerability.
🏢 Internal Only: HIGH - LLDP operates at layer 2 and is commonly enabled on internal network interfaces, making internal attackers a significant threat.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted LLDP packets to vulnerable switch interfaces; no authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.2.S0

Vendor Advisory: https://www.trendnet.com/support/view.asp?cat=4&id=81

Restart Required: Yes

Instructions:

1. Download firmware version 2.0.2.S0 from the TRENDnet support site.
2. Log into the switch web interface.
3. Navigate to System > Firmware Upgrade.
4. Upload and apply the new firmware.
5. Reboot the switch.

🔧 Temporary Workarounds

Disable LLDP (applies to: all affected versions)

Temporarily disable the LLDP protocol on vulnerable switches to prevent exploitation. The commands below are generic CLI syntax; confirm the exact commands against the switch's own command reference, or disable LLDP from the web interface if the CLI differs.

configure terminal
no lldp run
end
write memory

Network Segmentation (applies to: all affected versions)

Restrict LLDP traffic to trusted network segments using VLANs or ACLs.

🧯 If You Can't Patch

  • Implement network segmentation to isolate switches from untrusted networks
  • Deploy network monitoring to detect anomalous LLDP traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface: System > Firmware Information, or CLI: show version

Check Version:

show version

Verify Fix Applied:

Confirm firmware version is 2.0.2.S0 or later and test LLDP functionality remains operational.

📡 Detection & Monitoring

Log Indicators:

  • LLDP process crashes
  • Unexpected process restarts
  • System log entries indicating null pointer exceptions

Network Indicators:

  • Malformed LLDP packets with missing ChassisID TLV
  • Unusual LLDP traffic patterns
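As an added detection example (not part of this advisory or of TRENDnet's firmware), the following Python check parses an LLDPDU's TLV sequence and flags frames that lack the Chassis ID, Port ID or TTL TLVs, which IEEE 802.1AB requires as the first three TLVs of every LLDPDU. The two sample LLDPDUs are constructed inline, not captured traffic.

```python
import struct

ETHERTYPE_LLDP = 0x88CC
TLV_END, TLV_CHASSIS_ID, TLV_PORT_ID, TLV_TTL = 0, 1, 2, 3
# IEEE 802.1AB: every LLDPDU must start with Chassis ID, Port ID and TTL, in that order.
MANDATORY = [("Chassis ID", TLV_CHASSIS_ID), ("Port ID", TLV_PORT_ID), ("TTL", TLV_TTL)]

def parse_tlvs(lldpdu: bytes):
    """Split an LLDPDU into (type, value) pairs; a TLV whose length overruns the buffer is marked."""
    tlvs, off = [], 0
    while off + 2 <= len(lldpdu):
        hdr = struct.unpack("!H", lldpdu[off:off + 2])[0]
        tlv_type, length = hdr >> 9, hdr & 0x1FF   # 7-bit type, 9-bit length
        off += 2
        if off + length > len(lldpdu):
            tlvs.append(("truncated", lldpdu[off:]))
            break
        tlvs.append((tlv_type, lldpdu[off:off + length]))
        off += length
        if tlv_type == TLV_END:
            break
    return tlvs

def check_lldpdu(lldpdu: bytes):
    """Return findings for an LLDPDU; an empty list means the mandatory TLV sequence is intact."""
    findings = []
    types = [t for t, _ in parse_tlvs(lldpdu)]
    if "truncated" in types:
        findings.append("TLV length field exceeds frame")
    for name, want in MANDATORY:
        if want not in types:
            findings.append(f"missing mandatory {name} TLV")
    if not findings and types[:3] != [t for _, t in MANDATORY]:
        findings.append("mandatory TLVs not in required order")
    return findings

def check_frame(frame: bytes):
    """Inspect a raw Ethernet frame; returns None for non-LLDP frames, else the findings list."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_LLDP:
        return None
    return check_lldpdu(frame[14:])

def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV (used only to build the constructed samples below)."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

# Constructed samples, not captured traffic: a well-formed LLDPDU and one lacking the Chassis ID TLV.
GOOD = tlv(TLV_CHASSIS_ID, b"\x04" + bytes(6)) + tlv(TLV_PORT_ID, b"\x05eth0") + tlv(TLV_TTL, b"\x00\x78") + tlv(TLV_END, b"")
NO_CHASSIS = tlv(TLV_PORT_ID, b"\x05eth0") + tlv(TLV_TTL, b"\x00\x78") + tlv(TLV_END, b"")
```

Feed `check_frame` the raw frames from a span port or packet capture and alert on any non-empty findings list; a burst of such frames aimed at a switch is the network indicator listed above.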

SIEM Query:

source="switch_logs" AND ("lldp" OR "process crash" OR "null pointer")
