
CVE-2021-38543

First published: Wed Aug 11 2021

TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We assume that the USB splitter supplies power to some speakers. The power indicator LED of the USB splitter is connected directly to the power line; as a result, the intensity of the USB splitter's power indicator LED is correlative to its power consumption. The sound played by the connected speakers affects the USB splitter's power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the USB splitter, we can recover the sound played by the connected speakers.
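A bench check for the coupling described above, as an added example that is not part of the advisory or the researchers' work: while a known test tone plays through the powered speakers, it measures how far that tone stands above the noise floor in a photodiode trace of the indicator LED. The traces are constructed simulations, and the sample rate, tone, ripple depth, noise level and 20 dB threshold are assumptions.

```python
import math
import random

def goertzel_power(samples, fs, freq):
    """Normalized power of `samples` at one frequency (Goertzel algorithm)."""
    n = len(samples)
    k = round(freq * n / fs)              # nearest DFT bin
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (n * n)

def leak_margin_db(samples, fs, tone_hz, step_hz=50, n_ref=8):
    """dB by which the test tone stands above the optical noise floor."""
    mean = sum(samples) / len(samples)
    ac = [x - mean for x in samples]      # drop the LED's steady brightness
    tone = goertzel_power(ac, fs, tone_hz)
    refs = sorted(goertzel_power(ac, fs, tone_hz + sign * step_hz * i)
                  for i in range(1, n_ref + 1) for sign in (-1, 1))
    floor = refs[len(refs) // 2]          # median of neighbouring bins
    return 10.0 * math.log10(tone / floor)

def simulate_capture(fs, seconds, tone_hz, ripple, noise_sd, seed):
    """Constructed photodiode trace: brightness 1.0 + audio ripple + noise."""
    rng = random.Random(seed)
    return [1.0 + ripple * math.sin(2 * math.pi * tone_hz * i / fs)
            + rng.gauss(0.0, noise_sd) for i in range(int(fs * seconds))]

FS, TONE, THRESHOLD_DB = 4000, 440, 20.0   # assumed lab settings
# LED tied to the power line: 0.2 % brightness ripple follows the audio.
coupled = simulate_capture(FS, 1.0, TONE, ripple=0.002, noise_sd=0.001, seed=1)
# Comparison trace with no audio-correlated component.
flat = simulate_capture(FS, 1.0, TONE, ripple=0.0, noise_sd=0.001, seed=2)

def leaks(samples):
    """True when the tone is visible in the LED trace above the threshold."""
    return leak_margin_db(samples, FS, TONE) > THRESHOLD_DB

if __name__ == "__main__":
    for name, trace in (("coupled", coupled), ("flat", flat)):
        print(f"{name}: {leak_margin_db(trace, FS, TONE):.1f} dB, leak={leaks(trace)}")
```

With a real capture, replace the simulated traces with the sensor samples recorded while the same tone plays.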

Credit: cve@mitre.org

Affected Software | Affected Version | How to fix
TP-Link UE330 Firmware | <=2021-08-09 |
TP-Link UE330 Firmware | |


Frequently Asked Questions

  • What is the severity of CVE-2021-38543?

    CVE-2021-38543 is considered a medium severity vulnerability due to the potential for remote attackers to exploit the device.

  • How do I fix CVE-2021-38543?

    To mitigate CVE-2021-38543, ensure that your TP-Link UE330 firmware is updated to a version post-2021-08-09.

  • What devices are affected by CVE-2021-38543?

    CVE-2021-38543 affects the TP-Link UE330 USB splitter devices running specific firmware versions up to 2021-08-09.

  • What type of attack is demonstrated by CVE-2021-38543?

    CVE-2021-38543 demonstrates a 'Glowworm' attack, where attackers can recover audio signals via observation of the device's LED.

  • Can CVE-2021-38543 be exploited remotely?

    Yes, CVE-2021-38543 can be exploited remotely under specific conditions involving the device's power supply to audio-output equipment.
