CVE-2021-38549

Name of the Vulnerable Software and Affected Versions MIRACASE MHUB500 USB splitters through 2021-08-09

Description The issue allows remote attackers to recover speech signals from an LED on the device via a telescope and an electro-optical sensor, also known as a "Glowworm" attack. This occurs when the device supplies power to audio-output equipment. The power indicator LED's intensity is correlative to the device's power consumption, which is affected by the sound played by connected speakers. By analyzing measurements from an electro-optical sensor directed at the power indicator LED, it is possible to recover the sound played by the connected speakers.

Recommendations For MIRACASE MHUB500 USB splitters through 2021-08-09, consider disabling the power indicator LED or restricting the use of the USB splitter to minimize the risk of exploitation until a fix is available. Avoid using the USB splitter to supply power to audio-output equipment that may handle sensitive information. As a temporary workaround, use an alternative power source for audio-output equipment to prevent the correlation between power consumption and sound output. At the moment, there is no information about a newer version that contains a fix for this vulnerability.