CVE-2021-38365

Name of the Vulnerable Software and Affected Versions Winner (aka ToneWinner) desktop speakers through 2021-08-09

Description The issue allows remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, also known as a "Glowworm" attack. This attack exploits the power-indicator LED to potentially capture sensitive information.

Recommendations For Winner (aka ToneWinner) desktop speakers through 2021-08-09, consider disabling the power-indicator LED as a temporary workaround to minimize the risk of exploitation. Restrict access to the area where the speakers are used to prevent potential attackers from using a telescope and an electro-optical sensor. At the moment, there is no information about a newer version that contains a fix for this vulnerability.