On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc.

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Nxp
  • Ntag 216
  • Ntag 212
  • Mifare Ultralight Ev1 Firmware
  • Ntag 210 Firmware
  • Mifare Ultralight Ev1
  • Ntag 210
  • Ntag 212 Firmware
  • Ntag 213
  • Mifare Ultralight C
  • Ntag 215 Firmware
  • Ntag 215
  • Ntag 216 Firmware
  • Mifare Ultralight Nano Firmware
  • Mifare Ultralight Nano
  • Mifare Ultralight C Firmware
  • Ntag 213 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:nxp:mifare_ultralight_ev1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:mifare_ultralight_ev1:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:nxp:mifare_ultralight_c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:mifare_ultralight_c:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:nxp:mifare_ultralight_nano_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:mifare_ultralight_nano:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:nxp:ntag_210_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:ntag_210:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:nxp:ntag_212_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:ntag_212:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:nxp:ntag_213_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:ntag_213:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:nxp:ntag_215_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:ntag_215:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:nxp:ntag_216_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:ntag_216:-:*:*:*:*:*:*:*
References
Link Resource
https://blog.quarkslab.com/rfid-monotonic-counter-anti-tearing-defeated.html Mitigation Third Party Advisory
https://www.nxp.com/docs/en/application-note/AN11340.pdf Vendor Advisory
https://www.nxp.com/docs/en/application-note/AN13089.pdf Vendor Advisory
https://www.sstic.org/2021/presentation/eeprom_it_will_all_end_in_tears/ Exploit Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-06-06T15:33:44

Updated: 2021-06-06T15:33:44

Reserved: 2021-06-06T00:00:00

Link: CVE-2021-33881

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-06-06T16:15:07.407

Modified: 2021-06-17T16:39:54.127

Link: CVE-2021-33881

JSON object: View

cve-icon Redhat Information

No data.

CWE