Buffer overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) on some of the L2 Managed Industrial Switches

TRENDnet has released firmware patches for buffer overflowvulnerabilities in the Link Layer Discovery Protocol (LLDP) on the following L2Managed Industrial Switches.

CVE ID:

CVE-2021-33315: integer underflow vulnerability
(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33315)

CVE-2021-33316: integer underflow vulnerability
(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33316)

CVE-2021-33317: null pointer dereference vulnerability
(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33317)

TI-G102i hardware version: V1.0R
Download Link: https://www.trendnet.com/support/support-detail.asp?prod=180_TI-G102i

TI-G160i hardware version: V1.0R
Download Link: https://www.trendnet.com/support/support-detail.asp?prod=110_TI-G160i

TI-G642i hardware version: V1.0R
Download Link: https://www.trendnet.com/support/support-detail.asp?prod=185_TI-G642i

TI-PG102i hardware version: V1.0R
Download Link: https://www.trendnet.com/support/support-detail.asp?prod=105_TI-PG102i

TI-PG541i hardware version: V1.0R
Download Link: https://www.trendnet.com/support/support-detail.asp?prod=145_TI-PG541i

TI-PG1284i hardware version: V2.0R
Download Link: https://www.trendnet.com/support/support-detail.asp?prod=160_TI-PG1284i

TI-RP262i hardware version: V1.0R
Download Link: https://www.trendnet.com/support/support-detail.asp?prod=110_TI-RP262i

TEG-30102WS hardware version: V1.0R
Download Link: https://www.trendnet.com/support/support-detail.asp?prod=230_TEG-30102WS

TPE-30102WS hardware version: V1.0R
Download Link: https://www.trendnet.com/support/support-detail.asp?prod=225_TPE-30102WS

Acknowledgements: Qian Chen of Qihoo 360 Nirvan Team

Revision:
05/24/2021: added TEG-30102WS and TPE-30102WS
04/20/2021: Initial release.