Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We assume that the USB splitter supplies power to some speakers. The power indicator LED of the USB splitter is connected directly to the power line, as a result, the intensity of the USB splitter's power indicator LED is correlative to its power consumption. The sound played by the connected speakers affects the USB splitter's power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the USB splitter, we can recover the sound played by the connected speakers.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TP-Link UE330 USB 安全漏洞
Vulnerability Description
Tp-link UE330 USB是中国Tp-link公司的一个 3 端口 USB 3.0 集线器。 TP-Link UE330 USB 存在安全漏洞,该漏洞源于TP-Link UE330 USB分路设备在某些特定的使用情况下,该设备为音频输出设备供电时会出现问题。攻击者可利用该漏洞通过望远镜和光电传感器从设备上的LED恢复语音信号,即“萤火虫”攻击。
CVSS Information
N/A
Vulnerability Type
N/A