Lucene search
+L

56 matches found

cve
cve
added 2021/08/11 3:25 p.m.66 views

CVE-2021-38544

The CVE-2021-38544 entry concerns Sony SRS-XB33 and SRS-XB43 speakers. Reported as a Glowworm/firefly-style attack, remote attackers can recover spoken audio by analyzing LED power indicator emissions with an electro-optical sensor; the LED is tied to the power line so LED brightness correlates w...

5.9CVSS5.8AI score0.01293EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2021/08/11 3:25 p.m.22 views

CVE-2021-38545

Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...

6AI score0.01293EPSS
Exploits1References1
cve
cve
added 2021/08/11 3:25 p.m.52 views

CVE-2021-38545

CVE-2021-38545 concerns Raspberry Pi 3 B+ and 4 B devices, up to 2021-08-09, where powering an audio output in certain use cases creates a side channel. The LED power indicator is tied to the power line, so LED light intensity correlates with overall power consumption; the sound played by connect...

5.9CVSS5.7AI score0.01293EPSS
Exploits1References1Affected Software1
cve
cve
added 2021/08/11 3:25 p.m.54 views

CVE-2021-38546

The CVE-2021-38546 entry covers Creative Pebble devices affected by a Glowworm-style attack. According to redhat and NVD records, remote attackers can recover spoken audio by measuring power-indicator LED emissions with an electro-optical sensor and telescope. The underlying issue links LED outpu...

5.9CVSS5.8AI score0.01287EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2021/08/11 3:25 p.m.27 views

CVE-2021-38546

CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensit...

6AI score0.01287EPSS
Exploits1References1
cve
cve
added 2021/08/11 3:24 p.m.52 views

CVE-2021-38547

The CVE-2021-38547 entry concerns Logitech Z120 and S120 speakers (through 2021-08-09) where the power indicator LED is connected to the power line. The underlying issue is that the LED’s light intensity correlates with the device’s power consumption, and the audio content affects that consumptio...

5.9CVSS5.7AI score0.01346EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2021/08/11 3:24 p.m.26 views

CVE-2021-38547

Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the...

6AI score0.01346EPSS
Exploits1References1
cvelist
cvelist
added 2021/08/11 3:24 p.m.20 views

CVE-2021-38548

JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a...

6AI score0.01293EPSS
Exploits1References1
cve
cve
added 2021/08/11 3:24 p.m.59 views

CVE-2021-38548

CVE-2021-38548 affects JBL Go 2 devices up to 2021-08-09. A remote attacker can recover spoken audio by analyzing measurements from an electro-optical sensor aimed at the device’s power-indicator LED, which is directly tied to the power line; the LED brightness mirrors power use, which varies wit...

5.9CVSS5.8AI score0.01293EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2021/08/11 3:24 p.m.28 views

CVE-2021-38549

MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...

5.9AI score0.01293EPSS
Exploits1References1
cve
cve
added 2021/08/11 3:24 p.m.60 views

CVE-2021-38549

The CVE-2021-38549 entry concerns MIRACASE MHUB500 USB splitters (affected through 2021-08-09) in specific configurations where the device powers audio-output equipment. The vulnerability arises because the power indicator LED is tied to the power line, making LED brightness correlate with power ...

5.9CVSS5.6AI score0.01293EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2021/08/10 2:15 p.m.19 views

CVE-2021-38365

Winner aka ToneWinner desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a "Glowworm" attack...

4.3CVSS0.01155EPSS
Exploits1References2
prion
prion
added 2021/08/10 2:15 p.m.14 views

Code injection

Winner aka ToneWinner desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a "Glowworm" attack...

4.3CVSS4.5AI score0.01155EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2021/08/10 1:18 p.m.20 views

CVE-2021-38365

Winner aka ToneWinner desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a "Glowworm" attack...

4.7AI score0.01155EPSS
Exploits1References1
cve
cve
added 2021/08/10 1:18 p.m.40 views

CVE-2021-38365

The connected documents identify CVE-2021-38365 as affecting ToneWinner (Winner) desktop speakers. The vulnerability allows a remote attacker to recover speech signals from the power-indicator LED using a telescope and an electro-optical sensor, a classically described Glowworm attack. The descri...

4.3CVSS4.5AI score0.01155EPSS
Exploits1References2Affected Software1
threatpost
threatpost
added 2021/08/09 9:6 p.m.55 views

‘Glowworm’ Attack Turns Light Flickers into Audio

Virtual meetings are vulnerable to a new, exotic attack called Glowworm, which measures an audio output device’s LED power light changes and converts them to audio reproductions — allowing cyberattackers to listen to sensitive conversations. As an increasing amount of business is being conducted...

6.7AI score
Exploits0References10
Rows per page
Query Builder