CVE-2021-38547

MEDIUM
Published Aug 11, 20214y ago · Modified Jun 17, 20262w ago
5.9 CVSS 3.1
Medium
Find Similar
Published Aug 11, 2021 4y ago
Last Modified Jun 17, 2026 2w ago

Description

Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, we can recover the sound played by them.

CVSS Details

Base Score
5.9
Exploitability
2.2
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
No Patch Available

Affected Products 4

VendorProductVersionRange
logitechz120_firmware* ≤2021-08-09
logitechz120*any
logitechs120_firmware* ≤2021-08-09
logitechs120*any

References 1

  • nassiben.com https://www.nassiben.com/glowworm-attack
    ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.