Vulnerabilities > CVE-2021-33881 - Incorrect Authorization vulnerability in NXP products
- Attack vector: PHYSICAL
- Attack complexity: HIGH
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: HIGH
- Availability impact: NONE

Summary
On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 8 |
Hardware | | 8 |
Common Weakness Enumeration (CWE)
References
- https://blog.quarkslab.com/rfid-monotonic-counter-anti-tearing-defeated.html
- https://www.nxp.com/docs/en/application-note/AN11340.pdf
- https://www.nxp.com/docs/en/application-note/AN13089.pdf
- https://www.sstic.org/2021/presentation/eeprom_it_will_all_end_in_tears/