CVE-2021-38365
3.7 LOWWinner (aka ToneWinner) desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED...
Published: 2021-08-10 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 3.7 LOW
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
| Vendor | Product |
|---|---|
| tonewinner | winner_desktop_speakers_firmware |
Description
Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a "Glowworm" attack.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-38365
- [Vendor advisory]http://www.tonewinner.com
- [Exploit reference]https://www.nassiben.com/glowworm-attack
- [Vendor advisory]http://www.tonewinner.com
- [Exploit reference]https://www.nassiben.com/glowworm-attack