Vulnerabilities > CVE-2021-38365 - Unspecified vulnerability in Tonewinner Winner Desktop Speakers Firmware 20210809

CVSS 3.7 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

high complexity

tonewinner

NVD

Published: 2021-08-10

Updated: 2024-11-21

Summary

Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a "Glowworm" attack.

Vulnerable Configurations

Part	Description	Count
OS	Tonewinner Tonewinner Winner Desktop Speakers Firmware - Tonewinner Winner Desktop Speakers Firmware 2021-08-09	2
Hardware	Tonewinner Tonewinner Winner Desktop Speakers -	1

References

http://www.tonewinner.com
http://www.tonewinner.com
https://www.nassiben.com/glowworm-attack
https://www.nassiben.com/glowworm-attack