CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 1CVE-2021-38546
https://notcve.org/view.php?id=CVE-2021-38546
CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, we can recover the sound played by them. Los dispositivos CREATIVE Pebble hasta 09-08-2021, permiten a atacantes remotos recuperar las señales de voz de un LED del dispositivo, por medio de un telescopio y un sensor electro-óptico, también se conoce como un ataque "Glowworm". • https://www.nassiben.com/glowworm-attack •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-10702
https://notcve.org/view.php?id=CVE-2016-10702
Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary. Los dispositivos Pebble Smartwatch hasta la versión 4.3 gestionan el almacenamiento UUID de manera incorrecta. Esto permite que atacantes lean el almacenamiento flash de una aplicación arbitraria y accedan a la instancia JavaScript de una aplicación arbitraria modificando un valor UUID en la cabecera de un binario de aplicación manipulado. • https://blog.fletchto99.com/2016/november/pebble-app-sandbox-escape • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •