CVE-2021-33881
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
06/06/2021
Last modified:
17/06/2021
Description
On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc.
Impact
Base Score 3.x
4.20
Severity 3.x
MEDIUM
Base Score 2.0
1.90
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:nxp:mifare_ultralight_ev1_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nxp:mifare_ultralight_ev1:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nxp:mifare_ultralight_c_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nxp:mifare_ultralight_c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nxp:mifare_ultralight_nano_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nxp:mifare_ultralight_nano:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nxp:ntag_210_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nxp:ntag_210:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nxp:ntag_212_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nxp:ntag_212:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nxp:ntag_213_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nxp:ntag_213:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nxp:ntag_215_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nxp:ntag_215:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nxp:ntag_216_firmware:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page