Skip to main content
CVE-2021-33881 MEDIUM POC This Month

On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Mifare Ultralight Ev1 Firmware Mifare Ultralight C Firmware Mifare Ultralight Nano Firmware Ntag 210 Firmware +4
NVD
CVSS 3.1
4.2
EPSS
0.4%
CVE-2021-33880 MEDIUM PATCH This Month

The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Websockets Communications Cloud Native Core Policy Communications Cloud Native Core Security Edge Protection Proxy +2
NVD GitHub
CVSS 3.1
5.9
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy