CVE-2021-46390
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-46390
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An access control issue in the authentication module of Lexar_F35 v1.0.34 allows attackers to access sensitive data and cause a Denial of Service (DoS). An attacker without access to securely protected data on a secure USB flash drive can bypass user authentication without having any information related to the password of the registered user. The secure USB flash drive transmits the password entered by the user to the authentication module in the drive after the user registers a password, and then the input password is compared with the registered password stored in the authentication module. Subsequently, the module returns the comparison result for the authentication decision. Therefore, an attacker can bypass password authentication by analyzing the functions that return the password verification or comparison results and manipulate the authentication result values. Accordingly, even if attackers enter an incorrect password, they can be authenticated as a legitimate user and can therefore exploit functions of the secure USB flash drive by manipulating the authentication result values.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Lexar_F35 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Lexar_F35是美国Lexar公司的一款 U 盘。 Lexar_F35 1.0.34版本存在安全漏洞,该漏洞源于身份验证模块中的访问控制问题。攻击者利用该漏洞访问敏感数据并导致拒绝服务 (DoS)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2021-46390
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCVerified env Premium
Reproduced successfully in a real sandbox· Below is the actual recording of building the environment and exploiting the vulnerability.
Success marker:
VULNERABLE: Auth bypass confirmed - accessed encryption_key=AES-256-KEY-a3f8b2c1d4e5f6071829 without valid passwordReproduction recording is a Pro+ exclusive
Watch the full sandbox build + live exploit recording for this CVE. Limited-time ¥499/mo.
Upgrade to Pro+claude_code · 3437 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2021-46390
请登录查看更多情报信息。
Vendor Advisories for CVE-2021-46390 (1)
Other References for CVE-2021-46390 (3)
Same Patch Batch · n/a · 2022-03-21 · 34 CVEs total
| CVE-2022-25766 | 8.8 HIGH | Remote Code Execution (RCE) |
| CVE-2022-25570 | Click Studios Passwordstate 代码问题漏洞 | |
| CVE-2022-24235 | Snapt Aria 跨站请求伪造漏洞 | |
| CVE-2022-24236 | Snapt Aria安全漏洞 | |
| CVE-2022-24237 | Snapt Aria 操作系统命令注入漏洞 | |
| CVE-2022-26960 | elFinder 路径遍历漏洞 | |
| CVE-2020-24772 | Github clash 访问控制错误漏洞 | |
| CVE-2022-26494 | PrimeKey SignServer 跨站脚本漏洞 | |
| CVE-2021-45117 | UA-Nodeset 代码问题漏洞 | |
| CVE-2022-23347 | Big Ant Studios BigAnt Software BigAnt Server 路径遍历漏洞 | |
| CVE-2022-24656 | HexoEditor 跨站脚本漏洞 | |
| CVE-2021-45878 | GARO Wallbox GLB/GTB/GTC 访问控制错误漏洞 | |
| CVE-2021-45877 | GARO Wallbox GLB/GTB/GTC 信任管理问题漏洞 | |
| CVE-2021-45876 | GARO Wallbox GLB/GTB/GTC 命令注入漏洞 | |
| CVE-2022-25505 | Taocms SQL注入漏洞 | |
| CVE-2022-26183 | Github PNPM 代码问题漏洞 | |
| CVE-2022-26184 | Poetry 代码问题漏洞 | |
| CVE-2022-26285 | Simple Subscription Website SQL注入漏洞 | |
| CVE-2022-23349 | Big Ant Studios BigAnt Software BigAnt Server 跨站请求伪造漏洞 | |
| CVE-2022-23350 | Big Ant Studios BigAnt Software BigAnt Server 跨站脚本漏洞 |
Showing top 20 of 34 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
V. Comments for CVE-2021-46390
No comments yet