Description
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.trendnet.com/support/view.asp?cat=4&id=81
Scores
CVSS v3
7.5
EPSS
0.0046
EPSS Percentile
64.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (9)
trendnet/teg-30102ws_firmware
trendnet/ti-g102i_firmware
trendnet/ti-g160i_firmware
trendnet/ti-g642i_firmware
trendnet/ti-pg102i_firmware
trendnet/ti-pg1284i_firmware
< 2.0.2.s0
trendnet/ti-pg541i_firmware
trendnet/ti-rp262i_firmware
trendnet/tpe-30102ws_firmware
Published
May 11, 2022
Tracked Since
Feb 18, 2026