Login Sign Up

CVE-2021-0430

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

This vulnerability allows remote code execution via malicious NFC packets without requiring user interaction or additional privileges. An out-of-bounds write in the Android NFC stack could be exploited to execute arbitrary code on affected devices. All Android devices running versions 10 or 11 with NFC enabled are potentially affected.

💻 Affected Systems

Products:
  • Android
Versions: Android 10 and 11
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with NFC hardware and NFC enabled. Devices without NFC hardware or with NFC disabled are not vulnerable.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attacker to install malware, steal data, or join device to botnet

🟠

Likely Case

Remote code execution leading to data theft, surveillance, or ransomware deployment

🟢

If Mitigated

Limited impact if NFC is disabled or device is patched, though physical proximity is still required

🌐 Internet-Facing: LOW (requires physical proximity to NFC range, not internet-based)
🏢 Internal Only: MEDIUM (requires attacker physical access to NFC range within organization)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires physical proximity to NFC range (~4 inches). No authentication or user interaction needed once in range.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Bulletin April 2021 patches

Vendor Advisory: https://source.android.com/security/bulletin/2021-04-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > Advanced > System update. 2. Install April 2021 security patch or later. 3. Restart device after installation.

🔧 Temporary Workarounds

Disable NFC

android

Turn off NFC functionality to prevent exploitation

Settings > Connected devices > Connection preferences > NFC > Toggle OFF

🧯 If You Can't Patch

  • Disable NFC functionality completely
  • Implement physical security controls to prevent unauthorized NFC devices near vulnerable devices

🔍 How to Verify

Check if Vulnerable:

Check Android version in Settings > About phone > Android version. If version is 10 or 11 and security patch level is before April 2021, device is vulnerable.

Check Version:

Settings > About phone > Android version and Android security patch level

Verify Fix Applied:

Verify security patch level is April 2021 or later in Settings > About phone > Android security patch level

📡 Detection & Monitoring

Log Indicators:

  • Unusual NFC activity logs
  • Multiple failed NFC handshake attempts
  • Unexpected NFC tag reads

Network Indicators:

  • N/A - local attack only

SIEM Query:

N/A - requires physical proximity detection rather than network monitoring

📊 Metadata

CVE ID: CVE-2021-0430
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: April 13, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-0430, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)