CVE-2021-33881
Severity Score
4.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc.
En las tarjetas NXP MIFARE Ultralight y NTAG, un atacante puede interrumpir una operación de escritura (también se conoce como ataque "tear off") mediante RFID para omitir el mecanismo de protección Monotonic Counter. El impacto depende de cómo es usado la funcionalidad anti tear-off en aplicaciones específicas como el transporte público, el control de acceso físico, etc
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-06-06 CVE Reserved
- 2021-06-06 CVE Published
- 2024-02-20 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://blog.quarkslab.com/rfid-monotonic-counter-anti-tearing-defeated.html | Mitigation |
| URL | Date | SRC |
|---|---|---|
| https://www.sstic.org/2021/presentation/eeprom_it_will_all_end_in_tears | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.nxp.com/docs/en/application-note/AN11340.pdf | 2021-06-17 | |
| https://www.nxp.com/docs/en/application-note/AN13089.pdf | 2021-06-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nxp Search vendor "Nxp" | Mifare Ultralight Ev1 Firmware Search vendor "Nxp" for product "Mifare Ultralight Ev1 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Mifare Ultralight Ev1 Search vendor "Nxp" for product "Mifare Ultralight Ev1" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Mifare Ultralight C Firmware Search vendor "Nxp" for product "Mifare Ultralight C Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Mifare Ultralight C Search vendor "Nxp" for product "Mifare Ultralight C" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Mifare Ultralight Nano Firmware Search vendor "Nxp" for product "Mifare Ultralight Nano Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Mifare Ultralight Nano Search vendor "Nxp" for product "Mifare Ultralight Nano" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Ntag 210 Firmware Search vendor "Nxp" for product "Ntag 210 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Ntag 210 Search vendor "Nxp" for product "Ntag 210" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Ntag 212 Firmware Search vendor "Nxp" for product "Ntag 212 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Ntag 212 Search vendor "Nxp" for product "Ntag 212" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Ntag 213 Firmware Search vendor "Nxp" for product "Ntag 213 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Ntag 213 Search vendor "Nxp" for product "Ntag 213" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Ntag 215 Firmware Search vendor "Nxp" for product "Ntag 215 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Ntag 215 Search vendor "Nxp" for product "Ntag 215" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Ntag 216 Firmware Search vendor "Nxp" for product "Ntag 216 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Ntag 216 Search vendor "Nxp" for product "Ntag 216" | - | - |
Safe
|