CVE-2021-33881
MEDIUM
NXP MIFARE Ultralight and NTAG Firmware - Incorrect Authorization via Tear-Off Attack
Title source: llm
Description
On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc.
References (4)
Core References
Mitigation, Third Party Advisory x_refsource_misc
https://blog.quarkslab.com/rfid-monotonic-counter-anti-tearing-defeated.html
Vendor Advisory x_refsource_misc
https://www.nxp.com/docs/en/application-note/AN13089.pdf
Vendor Advisory x_refsource_misc
https://www.nxp.com/docs/en/application-note/AN11340.pdf
Exploit, Third Party Advisory x_refsource_misc
https://www.sstic.org/2021/presentation/eeprom_it_will_all_end_in_tears/
Scores
CVSS v3
4.2
EPSS
0.0041
EPSS Percentile
32.8%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-863
Status
published
Products (8)
nxp/mifare_ultralight_c_firmware
nxp/mifare_ultralight_ev1_firmware
nxp/mifare_ultralight_nano_firmware
nxp/ntag_210_firmware
nxp/ntag_212_firmware
nxp/ntag_213_firmware
nxp/ntag_215_firmware
nxp/ntag_216_firmware
Published
Jun 06, 2021
Tracked Since
Feb 18, 2026