CVE-2021-33881

On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nxp:mifare_ultralight_ev1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:mifare_ultralight_ev1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:nxp:mifare_ultralight_c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:mifare_ultralight_c:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:nxp:mifare_ultralight_nano_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:mifare_ultralight_nano:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:nxp:ntag_210_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:ntag_210:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:nxp:ntag_212_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:ntag_212:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:nxp:ntag_213_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:ntag_213:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:nxp:ntag_215_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:ntag_215:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:nxp:ntag_216_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:ntag_216:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:09

Type Values Removed Values Added
References () https://blog.quarkslab.com/rfid-monotonic-counter-anti-tearing-defeated.html - Mitigation, Third Party Advisory () https://blog.quarkslab.com/rfid-monotonic-counter-anti-tearing-defeated.html - Mitigation, Third Party Advisory
References () https://www.nxp.com/docs/en/application-note/AN11340.pdf - Vendor Advisory () https://www.nxp.com/docs/en/application-note/AN11340.pdf - Vendor Advisory
References () https://www.nxp.com/docs/en/application-note/AN13089.pdf - Vendor Advisory () https://www.nxp.com/docs/en/application-note/AN13089.pdf - Vendor Advisory
References () https://www.sstic.org/2021/presentation/eeprom_it_will_all_end_in_tears/ - Exploit, Third Party Advisory () https://www.sstic.org/2021/presentation/eeprom_it_will_all_end_in_tears/ - Exploit, Third Party Advisory

Information

Published : 2021-06-06 16:15

Updated : 2024-11-21 06:09


NVD link : CVE-2021-33881

Mitre link : CVE-2021-33881

CVE.ORG link : CVE-2021-33881


JSON object : View

Products Affected

nxp

  • ntag_213_firmware
  • mifare_ultralight_ev1
  • mifare_ultralight_nano_firmware
  • ntag_210
  • mifare_ultralight_c
  • ntag_212_firmware
  • ntag_215_firmware
  • ntag_215
  • ntag_213
  • ntag_216_firmware
  • mifare_ultralight_ev1_firmware
  • mifare_ultralight_nano
  • ntag_210_firmware
  • ntag_212
  • ntag_216
  • mifare_ultralight_c_firmware
CWE
CWE-863

Incorrect Authorization