// For flags

CVE-2021-38547

 

Severity Score

5.9
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, we can recover the sound played by them.

Los altavoces Logitech Z120 y S120 hasta el 09-08-2021, permiten a atacantes remotos recuperar las señales de voz de un LED del dispositivo, por medio de un telescopio y un sensor electro-óptico, también se conoce como un ataque "Glowworm". El LED indicador de potencia de los altavoces está conectado directamente a la línea eléctrica, por lo que la intensidad del LED indicador de potencia de un dispositivo es correlativa al consumo de energía. El sonido reproducido por los altavoces afecta a su consumo de energía y, en consecuencia, también es correlativo a la intensidad luminosa de los LED. Al analizar las medidas obtenidas por un sensor electro-óptico dirigido a los LEDs indicadores de potencia de los altavoces, podemos recuperar el sonido reproducido por los mismos

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-08-11 CVE Reserved
  • 2021-08-11 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2024-08-14 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Logitech
Search vendor "Logitech"
Z120 Firmware
Search vendor "Logitech" for product "Z120 Firmware"
<= 2021-08-09
Search vendor "Logitech" for product "Z120 Firmware" and version " <= 2021-08-09"
-
Affected
in Logitech
Search vendor "Logitech"
Z120
Search vendor "Logitech" for product "Z120"
--
Safe
Logitech
Search vendor "Logitech"
S120 Firmware
Search vendor "Logitech" for product "S120 Firmware"
<= 2021-08-09
Search vendor "Logitech" for product "S120 Firmware" and version " <= 2021-08-09"
-
Affected
in Logitech
Search vendor "Logitech"
S120
Search vendor "Logitech" for product "S120"
--
Safe