CVE-2021-33881
First published: Sun Jun 06 2021(Updated: )
On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nxp Mifare Ultralight Ev1 Firmware | ||
| Nxp Mifare Ultralight Ev1 | ||
| Nxp Mifare Ultralight C Firmware | ||
| Nxp Mifare Ultralight C | ||
| Nxp Mifare Ultralight Nano Firmware | ||
| Nxp Mifare Ultralight Nano | ||
| Nxp Ntag 210 Firmware | ||
| Nxp Ntag 210 | ||
| Nxp Ntag 212 Firmware | ||
| Nxp Ntag 212 | ||
| Nxp Ntag 213 Firmware | ||
| Nxp Ntag 213 | ||
| Nxp Ntag 215 Firmware | ||
| Nxp Ntag 215 | ||
| Nxp Ntag 216 Firmware | ||
| Nxp Ntag 216 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-33881?
CVE-2021-33881 is a vulnerability that allows an attacker to interrupt a write operation on NXP MIFARE Ultralight and NTAG cards, bypassing a Monotonic Counter protection mechanism.
What is the severity of CVE-2021-33881?
CVE-2021-33881 has a severity rating of 4.2 (medium).
How does CVE-2021-33881 impact public transportation?
The impact of CVE-2021-33881 on public transportation depends on how the anti tear-off feature is used in specific applications.
Are there any resources to learn more about CVE-2021-33881?
Yes, you can refer to the following resources for more information: [An article on RFID Monotonic Counter Anti-Tearing Defeated](https://blog.quarkslab.com/rfid-monotonic-counter-anti-tearing-defeated.html), [NXP Application Note AN11340](https://www.nxp.com/docs/en/application-note/AN11340.pdf), [NXP Application Note AN13089](https://www.nxp.com/docs/en/application-note/AN13089.pdf).
What is the Common Weakness Enumeration (CWE) ID associated with CVE-2021-33881?
CVE-2021-33881 is associated with CWE-863.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/nxp
- canonical/nxp mifare ultralight ev1 firmware
- canonical/nxp mifare ultralight ev1
- canonical/nxp mifare ultralight c firmware
- canonical/nxp mifare ultralight c
- canonical/nxp mifare ultralight nano firmware
- canonical/nxp mifare ultralight nano
- canonical/nxp ntag 210 firmware
- canonical/nxp ntag 210
- canonical/nxp ntag 212 firmware
- canonical/nxp ntag 212
- canonical/nxp ntag 213 firmware
- canonical/nxp ntag 213
- canonical/nxp ntag 215 firmware
- canonical/nxp ntag 215
- canonical/nxp ntag 216 firmware
- canonical/nxp ntag 216