CVE-2021-38111

8.8 HIGH

📋 TL;DR

The DEF CON 27 badge firmware does not bound the size of packets received over its Near Field Magnetic Induction (NFMI) radio. A specially crafted oversized packet overflows a receive buffer, and an attacker within NFMI range can use this to execute arbitrary code on the badge. All badges running the vulnerable firmware are affected, no interaction from the badge holder is required, and a successful attacker can take full control of the device.
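The bug class behind this CVE is a length-trusting copy: the firmware takes a length from the radio frame and copies that many bytes into a fixed-size buffer. The block below is an added illustration written for this page, not the badge's firmware, and the packet layout (one length byte followed by the payload), the 32-byte receive buffer and the flat `ram[]` model of the MCU memory are all assumptions chosen for the example. It shows the vulnerable handler clobbering the byte that lives just past the receive buffer, and the hardened handler rejecting the same frame before any copy happens.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical NFMI frame layout used for this illustration only:
 *   byte 0     : payload length (attacker controlled, 0..255)
 *   bytes 1..n : payload
 * A single length byte admits up to 255 bytes while the receive buffer
 * below only holds RX_BUF_SIZE. */
#define RX_BUF_SIZE 32
#define FRAME_MAX   256                         /* 1 length byte + 255 payload bytes */
#define RAM_SIZE    512                         /* flat model of the MCU's SRAM */
#define RX_BUF_OFF  0                           /* receive buffer at start of model */
#define NEXT_OFF    (RX_BUF_OFF + RX_BUF_SIZE)  /* first byte past the buffer */

/* Simulated RAM. The byte at NEXT_OFF stands in for whatever real firmware
 * keeps right after its receive buffer (a state variable, a callback
 * pointer, a saved register). Modelling memory as one array keeps the
 * overrunning copy inside a single object, so the demo is well-defined C. */
static uint8_t ram[RAM_SIZE];

/* Vulnerable handler: trusts the over-the-air length byte and copies that
 * many bytes into the fixed-size buffer. Returns bytes copied, or -1 if
 * the frame is shorter than its own length byte claims. */
int handle_packet_vulnerable(const uint8_t *frame, size_t frame_len)
{
    if (frame_len < 1)
        return -1;
    size_t len = frame[0];
    if (frame_len < len + 1)                    /* truncated frame is still caught */
        return -1;
    memcpy(ram + RX_BUF_OFF, frame + 1, len);   /* no check against RX_BUF_SIZE */
    return (int)len;
}

/* Hardened handler: identical except the missing bound is enforced before
 * the copy. Returns bytes copied, -1 for a malformed frame, -2 for oversized. */
int handle_packet_fixed(const uint8_t *frame, size_t frame_len)
{
    if (frame_len < 1)
        return -1;
    size_t len = frame[0];
    if (frame_len < len + 1)
        return -1;
    if (len > RX_BUF_SIZE)                      /* oversized packet: drop it unread */
        return -2;
    memcpy(ram + RX_BUF_OFF, frame + 1, len);
    return (int)len;
}

/* Build a constructed frame with the given payload length and fill byte.
 * Returns the frame size, or 0 if it would not fit in out. */
size_t make_frame(uint8_t *out, size_t out_cap, uint8_t len, uint8_t fill)
{
    if (out_cap < (size_t)len + 1)
        return 0;
    out[0] = len;
    memset(out + 1, fill, len);
    return (size_t)len + 1;
}

/* Reset the model, feed one constructed frame to a handler, and return the
 * byte just past the receive buffer: 0x00 means it survived, anything else
 * means the copy ran over the buffer into whatever lives there. */
uint8_t neighbour_after(int (*handler)(const uint8_t *, size_t),
                        uint8_t payload_len, uint8_t fill)
{
    uint8_t frame[FRAME_MAX];
    memset(ram, 0, sizeof ram);
    size_t n = make_frame(frame, sizeof frame, payload_len, fill);
    handler(frame, n);
    return ram[NEXT_OFF];
}

/* Same drive as neighbour_after, but returns the handler's return code. */
int rc_after(int (*handler)(const uint8_t *, size_t),
             uint8_t payload_len, uint8_t fill)
{
    uint8_t frame[FRAME_MAX];
    memset(ram, 0, sizeof ram);
    size_t n = make_frame(frame, sizeof frame, payload_len, fill);
    return handler(frame, n);
}

int main(void)
{
    printf("vulnerable, 48-byte payload: byte past buffer = 0x%02x\n",
           neighbour_after(handle_packet_vulnerable, 48, 0x41));
    printf("fixed,      48-byte payload: byte past buffer = 0x%02x, rc = %d\n",
           neighbour_after(handle_packet_fixed, 48, 0x41),
           rc_after(handle_packet_fixed, 48, 0x41));
    printf("fixed,      32-byte payload: rc = %d\n",
           rc_after(handle_packet_fixed, 32, 0x42));
    return 0;
}
```

The hardened version keeps the existing truncation check and adds one comparison against the buffer capacity; the point is that the bound must come from the receiver's own buffer size, never from anything carried in the frame. On a real device the byte past the buffer is rarely a harmless flag, which is what turns this from a crash into code execution.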

💻 Affected Systems

Products:
  • DEF CON 27 Conference Badge
Versions: All firmware versions for DEF CON 27 badge
Operating Systems: Embedded firmware on badge hardware
Default Config Vulnerable: ⚠️ Yes
Notes: This is a hardware conference badge, not traditional software. The flaw is in the firmware's handling of packets received over the badge's NFMI (Near Field Magnetic Induction) radio, which the badge uses for short-range badge-to-badge communication.

📦 What is this software?

The DEF CON 27 badge is the electronic attendee badge from DEF CON 27 (Las Vegas, August 2019). It is a standalone microcontroller device whose firmware, among other things, exchanges data with nearby badges over a short-range NFMI radio; that radio is the attack surface for this CVE.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Arbitrary code execution in the badge firmware, i.e. full control of the device: the attacker can alter or brick it and read whatever the firmware holds in memory. "Connected systems" in practice means other badges within NFMI range, since that link is the badge's only wireless interface.

🟠 Likely Case

Badge malfunction or crash, unauthorized use of badge features, and potential disclosure of data held in badge memory.

🟢 If Mitigated

Limited. With the NFMI antenna disabled or shielded, crafted packets cannot reach the vulnerable receive path; a badge merely exposed to malformed NFMI traffic may crash or reset (denial of service) but is not taken over.

🌐 Internet-Facing: LOW (the badge has no IP connectivity; NFMI is a short-range magnetic link)
🏢 Internal Only: MEDIUM (anyone within a metre or two, e.g. in a crowded conference hall, can reach the radio)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires physical proximity (NFMI range is on the order of 1-2 metres) and specialized transmit hardware, such as a Software Defined Radio (SDR) driving an NFMI-compatible antenna; ordinary Wi-Fi or Bluetooth radios cannot speak NFMI. Proof-of-concept code has been published on GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: N/A (no patch exists)

Instructions:

No official patch was released. The badge has no remote update path, so any firmware change means reflashing it with physical access to the device; for most badge holders the practical options are the physical mitigations below.

🔧 Temporary Workarounds

Disable NFMI Communication

Applies to: all firmware versions

Physically disable or shield the NFMI antenna so that crafted packets cannot reach the badge's receive path.

Command: N/A - physical modification required

Limit Physical Access

Applies to: all firmware versions

Keep the badge out of NFMI range (roughly 1-2 metres) of untrusted badges and devices.

Command: N/A - physical security measure

🧯 If You Can't Patch

  • Retire vulnerable badges from sensitive environments
  • Implement physical security zones where badge usage is restricted

🔍 How to Verify

Check if Vulnerable:

Any DEF CON 27 badge running its shipped firmware is vulnerable; there is no safe version to look for.

Check Version:

N/A - No version checking mechanism exists for these badges

Verify Fix Applied:

No fix available to verify. Physical modifications can be inspected visually.

📡 Detection & Monitoring

Log Indicators:

  • N/A - the badge keeps no logs and has no interface for exporting them

Network Indicators:

  • Unusual NFMI protocol traffic patterns
  • Oversized packet transmissions in NFMI range
  • Caveat: NFMI traffic is invisible to Wi-Fi, Bluetooth and IP monitoring. Observing the indicators above requires a dedicated NFMI receiver within range of the attacker, which no standard security tooling provides, so exploitation is effectively undetectable after the fact.

SIEM Query:

N/A - the badge produces no telemetry that could be ingested
