Vulnerability Description
On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NXP | MIFARE Ultralight EV1 Firmware | - |
| NXP | MIFARE Ultralight EV1 | - |
| NXP | MIFARE Ultralight C Firmware | - |
| NXP | MIFARE Ultralight C | - |
| NXP | MIFARE Ultralight Nano Firmware | - |
| NXP | MIFARE Ultralight Nano | - |
| NXP | NTAG 210 Firmware | - |
| NXP | NTAG 210 | - |
| NXP | NTAG 212 Firmware | - |
| NXP | NTAG 212 | - |
| NXP | NTAG 213 Firmware | - |
| NXP | NTAG 213 | - |
| NXP | NTAG 215 Firmware | - |
| NXP | NTAG 215 | - |
| NXP | NTAG 216 Firmware | - |
| NXP | NTAG 216 | - |
Related Weaknesses (CWE)
References
- https://blog.quarkslab.com/rfid-monotonic-counter-anti-tearing-defeated.html (Mitigation, Third Party Advisory)
- https://www.nxp.com/docs/en/application-note/AN11340.pdf (Vendor Advisory)
- https://www.nxp.com/docs/en/application-note/AN13089.pdf (Vendor Advisory)
- https://www.sstic.org/2021/presentation/eeprom_it_will_all_end_in_tears/ (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-33881?
CVE-2021-33881 is a vulnerability with a CVSS score of 4.2 (MEDIUM). On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends ...
How severe is CVE-2021-33881?
CVE-2021-33881 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-33881?
Check the references section above for vendor advisories and patch information. Affected products include: NXP MIFARE Ultralight EV1 Firmware, NXP MIFARE Ultralight EV1, NXP MIFARE Ultralight C Firmware, NXP MIFARE Ultralight C, NXP MIFARE Ultralight Nano Firmware.