Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2021-36285

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack.

Published: Sep 28, 2021
Updated: Nov 16, 2025
CVE: CVE-2021-36285
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.7
AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-307

Affected Software
References

Software	From	Fixed in
dell / latitude_5310_2-in-1_firmware	-	1.7.0
dell / latitude_5320_firmware	-	1.7.0
dell / latitude_5400_firmware	-	1.7.1
dell / latitude_5411_firmware	-	1.6.0
dell / latitude_5500_firmware	-	1.8.0
dell / latitude_5520_firmware	-	1.6.0
dell / latitude_5511_firmware	-	1.7.1
dell / latitude_7212_rugged_extreme_tablet_firmware	-	1.7.0
dell / latitude_7280_firmware	-	1.9.1
dell / latitude_7320_firmware	-	1.7.0
dell / latitude_7370_firmware	-	1.7.1
dell / latitude_7420_firmware	-	1.7.0
dell / latitude_7480_firmware	-	1.7.1
dell / latitude_9410_firmware	-	1.7.1
dell / latitude_9510_firmware	-	1.7.0
dell / latitude_9520_firmware	-	1.6.0
dell / optiplex_3080_firmware	-	1.5.2
dell / optiplex_3280_aio_firmware	-	1.2.0
dell / optiplex_7480_aio_firmware	-	1.2.0
dell / precision_3551_ffirmware	-	1.6.2
dell / precision_3640_tower_firmware	-	1.7.1

https://www.dell.com/support/kbdoc/000191495/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo