Remote Code Execution Vulnerability in JBL Go 2 Devices
CVE-2021-38548

5.9MEDIUM

Key Information:

Vendor: Jbl
Status: Go 2 Firmware
Vendor: CVE Published:; 11 August 2021

What is CVE-2021-38548?

The JBL Go 2 devices are vulnerable to a novel attack wherein remote attackers can exploit the power indicator LED to recover audio signals. This method, referred to as a 'Glowworm' attack, relies on the correlation between the power consumption of the device and the intensity of the LED. As the sound played by the speakers influences their power consumption, an adversary equipped with a telescope and an electro-optical sensor can detect variations in light intensity to extract speech signals being played through the device. This vulnerability highlights significant implications for user privacy and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.nassiben.com/glowworm-attack

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 11, 2021
Vulnerability Reserved
Aug 11, 2021

JSON

Jbl

What is CVE-2021-38548?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.