Unrated severityNVD Advisory· Published Jan 7, 2010· Updated Apr 23, 2026

CVE-2010-0225

Description

SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.

Affected products

Sandisk/Cruzer Enterprise Firmware
cpe:2.3:o:sandisk:cruzer_enterprise_firmware:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

it.slashdot.org/story/10/01/05/1734242/nvdThird Party Advisory
www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.htmlnvdThird Party Advisory
www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009nvdVendor Advisory
www.securityfocus.com/bid/37677nvdThird Party AdvisoryVDB Entry
www.vupen.com/english/advisories/2010/0078nvdThird Party Advisory
blogs.zdnet.com/hardware/nvdBroken Link
www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdfnvdBroken Link
www.ironkey.com/usb-flash-drive-flaw-exposednvdBroken Link
www.syss.de/index.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000