CVE-2021-38543
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We assume that the USB splitter supplies power to some speakers. The power indicator LED of the USB splitter is connected directly to the power line, as a result, the intensity of the USB splitter's power indicator LED is correlative to its power consumption. The sound played by the connected speakers affects the USB splitter's power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the USB splitter, we can recover the sound played by the connected speakers.
Los dispositivos splitter USB TP-Link UE330 hasta 09-08-2021, en determinados casos de uso en los que el dispositivo suministra energía a equipos de salida de audio, permiten a atacantes remotos recuperar las señales de voz de un LED del dispositivo, por medio de un telescopio y un sensor electro-óptico, también se conoce como un ataque "Glowworm". Suponemos que el divisor USB suministra energía a unos altavoces. El LED indicador de potencia del divisor USB está conectado directamente a la línea de alimentación, por lo que la intensidad del LED indicador de potencia del divisor USB es correlativa a su consumo de energía. El sonido reproducido por los altavoces conectados afecta al consumo de energía del divisor USB y, en consecuencia, también es correlativo a la intensidad luminosa del LED. Al analizar las medidas obtenidas por un sensor electro-óptico dirigido al LED indicador de potencia del splitter USB, podemos recuperar el sonido reproducido por los altavoces conectados
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-08-11 CVE Reserved
- 2021-08-11 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-08-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://www.nassiben.com/glowworm-attack | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Tp-link Search vendor "Tp-link" | Ue330 Firmware Search vendor "Tp-link" for product "Ue330 Firmware" | <= 2021-08-09 Search vendor "Tp-link" for product "Ue330 Firmware" and version " <= 2021-08-09" | - |
Affected
| in | Tp-link Search vendor "Tp-link" | Ue330 Search vendor "Tp-link" for product "Ue330" | - | - |
Safe
|