CVE-2021-38546

 

  • Severity Score (CVSS v3.1): 5.9
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 1
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line; as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, we can recover the sound played by them.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-08-11 CVE Reserved
  • 2021-08-11 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2024-08-14 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
Affected Vendors, Products, and Versions
Vendor          Product                 Version          Other   Status
Creative        Pebble V3 Firmware      <= 2021-08-09    -       Affected
  in Creative   Pebble V3               -                -       Safe
Creative        Pebble V2 Firmware      <= 2021-08-09    -       Affected
  in Creative   Pebble V2               -                -       Safe
Creative        Pebble Firmware         <= 2021-08-09    -       Affected
  in Creative   Pebble                  -                -       Safe
Creative        Pebble Plus Firmware    <= 2021-08-09    -       Affected
  in Creative   Pebble Plus             -                -       Safe