CVE-2021-38543

TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We assume that the USB splitter supplies power to some speakers. The power indicator LED of the USB splitter is connected directly to the power line, as a result, the intensity of the USB splitter's power indicator LED is correlative to its power consumption. The sound played by the connected speakers affects the USB splitter's power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the USB splitter, we can recover the sound played by the connected speakers.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.nassiben.com/glowworm-attack	Exploit Third Party Advisory
https://www.nassiben.com/glowworm-attack	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tp-link:ue330_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:ue330:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-08-11 16:15

Updated : 2024-11-21 06:17

NVD link : CVE-2021-38543

Mitre link : CVE-2021-38543

CVE.ORG link : CVE-2021-38543

JSON object : View

Products Affected

tp-link

ue330
ue330_firmware

CWE

NVD-CWE-noinfo

{"id": "CVE-2021-38543", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2021-08-11T16:15:07.210", "references": [{"url": "https://www.nassiben.com/glowworm-attack", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.nassiben.com/glowworm-attack", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a \"Glowworm\" attack. We assume that the USB splitter supplies power to some speakers. The power indicator LED of the USB splitter is connected directly to the power line, as a result, the intensity of the USB splitter's power indicator LED is correlative to its power consumption. The sound played by the connected speakers affects the USB splitter's power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the USB splitter, we can recover the sound played by the connected speakers."}, {"lang": "es", "value": "Los dispositivos splitter USB TP-Link UE330 hasta 09-08-2021, en determinados casos de uso en los que el dispositivo suministra energ\u00eda a equipos de salida de audio, permiten a atacantes remotos recuperar las se\u00f1ales de voz de un LED del dispositivo, por medio de un telescopio y un sensor electro-\u00f3ptico, tambi\u00e9n se conoce como un ataque \"Glowworm\". Suponemos que el divisor USB suministra energ\u00eda a unos altavoces. El LED indicador de potencia del divisor USB est\u00e1 conectado directamente a la l\u00ednea de alimentaci\u00f3n, por lo que la intensidad del LED indicador de potencia del divisor USB es correlativa a su consumo de energ\u00eda. El sonido reproducido por los altavoces conectados afecta al consumo de energ\u00eda del divisor USB y, en consecuencia, tambi\u00e9n es correlativo a la intensidad luminosa del LED. Al analizar las medidas obtenidas por un sensor electro-\u00f3ptico dirigido al LED indicador de potencia del splitter USB, podemos recuperar el sonido reproducido por los altavoces conectados"}], "lastModified": "2024-11-21T06:17:23.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:ue330_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AF9B484-A232-4F75-BB17-1433C4C346B4", "versionEndIncluding": "2021-08-09"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:ue330:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0D0B23AE-60C1-404A-94D7-55FD0A340F37"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}