CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 1CVE-2021-38546
https://notcve.org/view.php?id=CVE-2021-38546
11 Aug 2021 — CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LEDs. B... • https://www.nassiben.com/glowworm-attack •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-10702
https://notcve.org/view.php?id=CVE-2016-10702
28 Nov 2017 — Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary. Los dispositivos Pebble Smartwatch hasta la versión 4.3 gestionan el almacenamiento UUID de manera incorrecta. Esto permite que atacantes lean el almacenamiento flash de una aplicación arbitraria y accedan a la instancia JavaScript de una ap... • https://blog.fletchto99.com/2016/november/pebble-app-sandbox-escape • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •