CVE-2021-33881

On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nxp:mifare_ultralight_ev1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:mifare_ultralight_ev1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:nxp:mifare_ultralight_c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:mifare_ultralight_c:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:nxp:mifare_ultralight_nano_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:mifare_ultralight_nano:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:nxp:ntag_210_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:ntag_210:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:nxp:ntag_212_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:ntag_212:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:nxp:ntag_213_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:ntag_213:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:nxp:ntag_215_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:ntag_215:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:nxp:ntag_216_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:ntag_216:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-06-06 16:15

Updated : 2024-02-28 18:28


NVD link : CVE-2021-33881

Mitre link : CVE-2021-33881

CVE.ORG link : CVE-2021-33881


JSON object : View

Products Affected

nxp

  • ntag_215
  • mifare_ultralight_ev1_firmware
  • mifare_ultralight_ev1
  • mifare_ultralight_c
  • mifare_ultralight_c_firmware
  • mifare_ultralight_nano
  • ntag_212_firmware
  • ntag_216
  • ntag_212
  • ntag_215_firmware
  • mifare_ultralight_nano_firmware
  • ntag_210
  • ntag_210_firmware
  • ntag_216_firmware
  • ntag_213
  • ntag_213_firmware
CWE
CWE-863

Incorrect Authorization