diff --git a/lib/nfc/protocols/type_4_tag/type_4_tag_i.c b/lib/nfc/protocols/type_4_tag/type_4_tag_i.c
index 889cf635b..69e9aadf9 100644
--- a/lib/nfc/protocols/type_4_tag/type_4_tag_i.c
+++ b/lib/nfc/protocols/type_4_tag/type_4_tag_i.c
@@ -50,7 +50,8 @@ void type_4_tag_cc_dump(const Type4TagData* data, uint8_t* buf, size_t len) {
         sizeof(cc->tlv[0].value.ndef_file_ctrl.file_id),
         (void*)&cc->tlv[0].value.ndef_file_ctrl.file_id);
     bit_lib_num_to_bytes_be(
-        data->is_tag_specific ? data->ndef_max_len : TYPE_4_TAG_DEFAULT_NDEF_SIZE,
+        sizeof(uint16_t) +
+            (data->is_tag_specific ? data->ndef_max_len : TYPE_4_TAG_DEFAULT_NDEF_SIZE),
         sizeof(cc->tlv[0].value.ndef_file_ctrl.max_len),
         (void*)&cc->tlv[0].value.ndef_file_ctrl.max_len);
     cc->tlv[0].value.ndef_file_ctrl.read_perm =
diff --git a/lib/nfc/protocols/type_4_tag/type_4_tag_i.h b/lib/nfc/protocols/type_4_tag/type_4_tag_i.h
index 1af7c7f38..18b46679a 100644
--- a/lib/nfc/protocols/type_4_tag/type_4_tag_i.h
+++ b/lib/nfc/protocols/type_4_tag/type_4_tag_i.h
@@ -56,7 +56,7 @@
 #define TYPE_4_TAG_BUF_SIZE          (256U - 3U - 2U)
 // Read returns 2 byte status trailer, write sends 5 byte command header
 #define TYPE_4_TAG_CHUNK_LEN         MIN(TYPE_4_TAG_BUF_SIZE - 5U, TYPE_4_TAG_ISO_RW_CHUNK_LEN)
-#define TYPE_4_TAG_DEFAULT_NDEF_SIZE (2048U)
+#define TYPE_4_TAG_DEFAULT_NDEF_SIZE (2048U - sizeof(uint16_t))
 
 extern const uint8_t type_4_tag_iso_mf_name[TYPE_4_TAG_ISO_NAME_LEN];
 extern const uint8_t type_4_tag_iso_df_name[TYPE_4_TAG_ISO_NAME_LEN];
diff --git a/lib/nfc/protocols/type_4_tag/type_4_tag_listener_i.c b/lib/nfc/protocols/type_4_tag/type_4_tag_listener_i.c
index fb0890688..7da6fadc9 100644
--- a/lib/nfc/protocols/type_4_tag/type_4_tag_listener_i.c
+++ b/lib/nfc/protocols/type_4_tag/type_4_tag_listener_i.c
@@ -196,8 +196,9 @@ static Type4TagError type_4_tag_listener_iso_write(
     }
 
     if(instance->state == Type4TagListenerStateSelectedNdefMessage) {
-        if(offset + lc > (instance->data->is_tag_specific ? instance->data->ndef_max_len :
-                                                            TYPE_4_TAG_DEFAULT_NDEF_SIZE)) {
+        if(offset + lc > sizeof(uint16_t) + (instance->data->is_tag_specific ?
+                                                 instance->data->ndef_max_len :
+                                                 TYPE_4_TAG_DEFAULT_NDEF_SIZE)) {
             bit_buffer_append_bytes(
                 instance->tx_buffer,
                 type_4_tag_offset_error_apdu,