CVE-2021-3011 [Medium] | Security Vulnerability in K13

An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF).

EDB-ID	Source	Kind	Published	Link
—	nvd_ref	exploit_tag		Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-11-21	0.03%	0.06%	+0.03%
2	2025-11-18	0.06%	0.03%	-0.03%
3	2025-03-25	—	0.06%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-11-21

0.03%

0.06%

+0.03%

2025-11-18

0.06%

0.03%

-0.03%

2025-03-25

—

0.06%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.2	3.1	MEDIUM	`CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N` Click to expand Attack vector (AV:P) Hands-on access—USB, keyboard, opening the case—not something you do purely over the wire. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:N) Service keeps running; no real outage angle.	0.5	3.6	[email protected]
1.9	2.0	LOW	`AV:L/AC:M/Au:N/C:P/I:N/A:N` Click to expand Access vector (AV:L) Requires local access to the target system. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:N) No availability impact.	3.4	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

4.2

3.1

MEDIUM

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Click to expand

Attack vector (AV:P): Hands-on access—USB, keyboard, opening the case—not something you do purely over the wire.
Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:N): Service keeps running; no real outage angle.

0.5

3.6

[email protected]

1.9

2.0

LOW

AV:L/AC:M/Au:N/C:P/I:N/A:N Click to expand

Access vector (AV:L): Requires local access to the target system.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:N): No availability impact.

3.4

2.9

[email protected]

Affected software / configurations for CVE-2021-3011

Vendor	Product	Version	Raw CPE
ftsafe	k13	—	cpe:2.3:h:ftsafe:k13:-:::::::*
ftsafe	k21	—	cpe:2.3:h:ftsafe:k21:-:::::::*
ftsafe	k40	—	cpe:2.3:h:ftsafe:k40:-:::::::*
ftsafe	k9	—	cpe:2.3:h:ftsafe:k9:-:::::::*
google	titan_security_key	—	cpe:2.3:h:google:titan_security_key:-:::::::*
nxp	3a081	—	cpe:2.3:h:nxp:3a081:-:::::::*
nxp	a7005a	—	cpe:2.3:h:nxp:a7005a:-:::::::*
nxp	j2a081	—	cpe:2.3:h:nxp:j2a081:-:::::::*
nxp	j2d081_m59	—	cpe:2.3:h:nxp:j2d081_m59:-:::::::*
nxp	j2d081_m61	—	cpe:2.3:h:nxp:j2d081_m61:-:::::::*
nxp	j2d082_m60	—	cpe:2.3:h:nxp:j2d082_m60:-:::::::*
nxp	j2d120_m60	—	cpe:2.3:h:nxp:j2d120_m60:-:::::::*
nxp	j2d145_m59	—	cpe:2.3:h:nxp:j2d145_m59:-:::::::*
nxp	j2e081_m64	—	cpe:2.3:h:nxp:j2e081_m64:-:::::::*
nxp	j2e082_m65	—	cpe:2.3:h:nxp:j2e082_m65:-:::::::*
nxp	j2e120_m65	—	cpe:2.3:h:nxp:j2e120_m65:-:::::::*
nxp	j2e145_m64	—	cpe:2.3:h:nxp:j2e145_m64:-:::::::*
nxp	j3a041	—	cpe:2.3:h:nxp:j3a041:-:::::::*
nxp	j3d081_m59	—	cpe:2.3:h:nxp:j3d081_m59:-:::::::*
nxp	j3d081_m59_df	—	cpe:2.3:h:nxp:j3d081_m59_df:-:::::::*
nxp	j3d081_m61	—	cpe:2.3:h:nxp:j3d081_m61:-:::::::*
nxp	j3d081_m61_df	—	cpe:2.3:h:nxp:j3d081_m61_df:-:::::::*
nxp	j3d082_m60	—	cpe:2.3:h:nxp:j3d082_m60:-:::::::*
nxp	j3d120_m60	—	cpe:2.3:h:nxp:j3d120_m60:-:::::::*
nxp	j3d145_m59	—	cpe:2.3:h:nxp:j3d145_m59:-:::::::*
nxp	j3e016_m64	—	cpe:2.3:h:nxp:j3e016_m64:-:::::::*
nxp	j3e016_m64_df	—	cpe:2.3:h:nxp:j3e016_m64_df:-:::::::*
nxp	j3e016_m66	—	cpe:2.3:h:nxp:j3e016_m66:-:::::::*
nxp	j3e016_m66_df	—	cpe:2.3:h:nxp:j3e016_m66_df:-:::::::*
nxp	j3e041_m64	—	cpe:2.3:h:nxp:j3e041_m64:-:::::::*
nxp	j3e041_m64_df	—	cpe:2.3:h:nxp:j3e041_m64_df:-:::::::*
nxp	j3e041_m66	—	cpe:2.3:h:nxp:j3e041_m66:-:::::::*
nxp	j3e041_m66_df	—	cpe:2.3:h:nxp:j3e041_m66_df:-:::::::*
nxp	j3e081_m64	—	cpe:2.3:h:nxp:j3e081_m64:-:::::::*
nxp	j3e081_m64_df	—	cpe:2.3:h:nxp:j3e081_m64_df:-:::::::*
nxp	j3e081_m66	—	cpe:2.3:h:nxp:j3e081_m66:-:::::::*
nxp	j3e081_m66_df	—	cpe:2.3:h:nxp:j3e081_m66_df:-:::::::*
nxp	j3e082_m65	—	cpe:2.3:h:nxp:j3e082_m65:-:::::::*
nxp	j3e120_m65	—	cpe:2.3:h:nxp:j3e120_m65:-:::::::*
nxp	j3e145_m64	—	cpe:2.3:h:nxp:j3e145_m64:-:::::::*
nxp	p5010	—	cpe:2.3:h:nxp:p5010:-:::::::*
nxp	p5020	—	cpe:2.3:h:nxp:p5020:-:::::::*
nxp	p5021	—	cpe:2.3:h:nxp:p5021:-:::::::*
nxp	p5040	—	cpe:2.3:h:nxp:p5040:-:::::::*
yubico	yubikey_neo	—	cpe:2.3:h:yubico:yubikey_neo:-:::::::*

References for CVE-2021-3011

URL	Tags
https://ninjalab.io/a-side-journey-to-titan/	Third Party Advisory
https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf	Exploit Technical Description Third Party Advisory

URL

CVE-2021-3011

Public exploit references (Exploit-DB) for CVE-2021-3011

Exploit prediction scoring system (EPSS) score for CVE-2021-3011

Common vulnerability scoring system (CVSS) metrics for CVE-2021-3011

Weakness enumeration for CVE-2021-3011

Affected software / configurations for CVE-2021-3011

References for CVE-2021-3011