Skip to main content

Mifare Ultralight Ev1 Firmware CVE-2021-33881

MEDIUM
Incorrect Authorization (CWE-863)
2021-06-06 cve@mitre.org
4.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.2 MEDIUM
AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Physical
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 06, 2021 - 16:15 nvd
MEDIUM 4.2

DescriptionNVD

On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc.

AnalysisAI

On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc. Affected products include: Nxp Mifare Ultralight Ev1 Firmware, Nxp Mifare Ultralight C Firmware, Nxp Mifare Ultralight Nano Firmware, Nxp Ntag 210 Firmware, Nxp Ntag 212 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.

Share

CVE-2021-33881 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy