Search criteria
6 vulnerabilities found for activator by ekahau
VAR-201412-0564
Vulnerability from variot - Updated: 2025-04-13 23:25Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts. Ekahau Real-Time Location System is prone to multiple security weaknesses. Successful exploits may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Ekahau Real-Time Location System (RTLS) is a real-time positioning system based on Wi-Fi (wireless) of Ekahau Company in the United States. Activator is one of the label setter components. A security vulnerability exists in several Ekahau products due to program reuse of RC4 cipher streams. A remote attacker can use the XOR operation to exploit this vulnerability to obtain plaintext information. The following products and versions are affected: Ekahau B4 staff badge tag version 5.7 using firmware version 1.4.52, RTLS Controller version 6.0.5-FINAL, Activator 3 version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0564",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "activator",
"scope": "eq",
"trust": 2.4,
"vendor": "ekahau",
"version": "3"
},
{
"model": "real-time location system controller",
"scope": "eq",
"trust": 2.4,
"vendor": "ekahau",
"version": "6.0.5-final"
},
{
"model": "b4 staff badge tag",
"scope": "eq",
"trust": 1.6,
"vendor": "ekahau",
"version": "1.4.52"
},
{
"model": "b4 badge tag",
"scope": "eq",
"trust": 0.8,
"vendor": "ekahau",
"version": "5.7"
},
{
"model": "b4 badge tag",
"scope": "eq",
"trust": 0.8,
"vendor": "ekahau",
"version": "1.4.52"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007317"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-348"
},
{
"db": "NVD",
"id": "CVE-2014-2716"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ekahau:activator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ekahau:b4_staff_badge_tag",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ekahau:b4_staff_badge_tag_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ekahau:real-time_location_system_controller",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007317"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Gullasch and Max Moser",
"sources": [
{
"db": "BID",
"id": "71674"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-348"
}
],
"trust": 0.9
},
"cve": "CVE-2014-2716",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-2716",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-70655",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2716",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-2716",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-348",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-70655",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70655"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007317"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-348"
},
{
"db": "NVD",
"id": "CVE-2014-2716"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts. Ekahau Real-Time Location System is prone to multiple security weaknesses. \nSuccessful exploits may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Ekahau Real-Time Location System (RTLS) is a real-time positioning system based on Wi-Fi (wireless) of Ekahau Company in the United States. Activator is one of the label setter components. A security vulnerability exists in several Ekahau products due to program reuse of RC4 cipher streams. A remote attacker can use the XOR operation to exploit this vulnerability to obtain plaintext information. The following products and versions are affected: Ekahau B4 staff badge tag version 5.7 using firmware version 1.4.52, RTLS Controller version 6.0.5-FINAL, Activator 3 version",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2716"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007317"
},
{
"db": "BID",
"id": "71674"
},
{
"db": "VULHUB",
"id": "VHN-70655"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2716",
"trust": 2.8
},
{
"db": "BID",
"id": "71674",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "129585",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007317",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201412-348",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-70655",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70655"
},
{
"db": "BID",
"id": "71674"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007317"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-348"
},
{
"db": "NVD",
"id": "CVE-2014-2716"
}
]
},
"id": "VAR-201412-0564",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-70655"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:25:20.526000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ekahau.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007317"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70655"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007317"
},
{
"db": "NVD",
"id": "CVE-2014-2716"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.modzero.ch/advisories/mz-14-01-ekahau-rtls.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/71674"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/129585/ekahau-real-time-location-system-rc4-cipher-stream-reuse-weak-key-derivation.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/534241/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2716"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2716"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/534241/100/0/threaded"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70655"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007317"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-348"
},
{
"db": "NVD",
"id": "CVE-2014-2716"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-70655"
},
{
"db": "BID",
"id": "71674"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007317"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-348"
},
{
"db": "NVD",
"id": "CVE-2014-2716"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-70655"
},
{
"date": "2014-12-15T00:00:00",
"db": "BID",
"id": "71674"
},
{
"date": "2014-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007317"
},
{
"date": "2014-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-348"
},
{
"date": "2014-12-19T15:59:05.080000",
"db": "NVD",
"id": "CVE-2014-2716"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-70655"
},
{
"date": "2015-03-08T16:04:00",
"db": "BID",
"id": "71674"
},
{
"date": "2014-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007317"
},
{
"date": "2014-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-348"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-2716"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-348"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Ekahau Vulnerability in obtaining plaintext messages in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007317"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-348"
}
],
"trust": 0.6
}
}
VAR-201412-0103
Vulnerability from variot - Updated: 2025-04-13 23:25Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack. Ekahau Real-Time Location System is prone to multiple security weaknesses. Successful exploits may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Ekahau Real-Time Location System (RTLS) is a real-time positioning system based on Wi-Fi (wireless) of Ekahau Company in the United States. Activator is one of the label setter components. There are security vulnerabilities in several Ekahau products. The vulnerability stems from the fact that the program uses part of the MAC address as part of the RC4 installation key
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0103",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "activator",
"scope": "eq",
"trust": 2.4,
"vendor": "ekahau",
"version": "3"
},
{
"model": "real-time location system controller",
"scope": "eq",
"trust": 2.4,
"vendor": "ekahau",
"version": "6.0.5-final"
},
{
"model": "b4 staff badge tag",
"scope": "eq",
"trust": 1.6,
"vendor": "ekahau",
"version": "1.4.52"
},
{
"model": "b4 staff badge tag",
"scope": "eq",
"trust": 1.0,
"vendor": "ekahau",
"version": "5.7"
},
{
"model": "b4 badge tag",
"scope": "eq",
"trust": 0.8,
"vendor": "ekahau",
"version": "5.7"
},
{
"model": "b4 badge tag",
"scope": "eq",
"trust": 0.8,
"vendor": "ekahau",
"version": "1.4.52"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-447"
},
{
"db": "NVD",
"id": "CVE-2014-9408"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ekahau:activator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ekahau:b4_staff_badge_tag",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ekahau:b4_staff_badge_tag_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ekahau:real-time_location_system_controller",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Gullasch and Max Moser",
"sources": [
{
"db": "BID",
"id": "71674"
}
],
"trust": 0.3
},
"cve": "CVE-2014-9408",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9408",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-77353",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9408",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-9408",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-447",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-77353",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77353"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-447"
},
{
"db": "NVD",
"id": "CVE-2014-9408"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack. Ekahau Real-Time Location System is prone to multiple security weaknesses. \nSuccessful exploits may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Ekahau Real-Time Location System (RTLS) is a real-time positioning system based on Wi-Fi (wireless) of Ekahau Company in the United States. Activator is one of the label setter components. There are security vulnerabilities in several Ekahau products. The vulnerability stems from the fact that the program uses part of the MAC address as part of the RC4 installation key",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9408"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
},
{
"db": "BID",
"id": "71674"
},
{
"db": "VULHUB",
"id": "VHN-77353"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9408",
"trust": 2.8
},
{
"db": "BID",
"id": "71674",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "129585",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007319",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201412-447",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-77353",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77353"
},
{
"db": "BID",
"id": "71674"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-447"
},
{
"db": "NVD",
"id": "CVE-2014-9408"
}
]
},
"id": "VAR-201412-0103",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-77353"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:25:20.498000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ekahau.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77353"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
},
{
"db": "NVD",
"id": "CVE-2014-9408"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.modzero.ch/advisories/mz-14-01-ekahau-rtls.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/71674"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/129585/ekahau-real-time-location-system-rc4-cipher-stream-reuse-weak-key-derivation.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/534241/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9408"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9408"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/534241/100/0/threaded"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77353"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-447"
},
{
"db": "NVD",
"id": "CVE-2014-9408"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-77353"
},
{
"db": "BID",
"id": "71674"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-447"
},
{
"db": "NVD",
"id": "CVE-2014-9408"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-77353"
},
{
"date": "2014-12-15T00:00:00",
"db": "BID",
"id": "71674"
},
{
"date": "2014-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007319"
},
{
"date": "2014-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-447"
},
{
"date": "2014-12-19T15:59:34.253000",
"db": "NVD",
"id": "CVE-2014-9408"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-77353"
},
{
"date": "2015-03-08T16:04:00",
"db": "BID",
"id": "71674"
},
{
"date": "2014-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007319"
},
{
"date": "2014-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-447"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-9408"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-447"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Ekahau Vulnerability that guesses the setup key in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-447"
}
],
"trust": 0.6
}
}
CVE-2014-9408 (GCVE-0-2014-9408)
Vulnerability from nvd – Published: 2014-12-19 15:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html"
},
{
"name": "71674",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71674"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt"
},
{
"name": "20141215 Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534241/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html"
},
{
"name": "71674",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71674"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt"
},
{
"name": "20141215 Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534241/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html"
},
{
"name": "71674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71674"
},
{
"name": "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt",
"refsource": "MISC",
"url": "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt"
},
{
"name": "20141215 Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534241/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9408",
"datePublished": "2014-12-19T15:00:00.000Z",
"dateReserved": "2014-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:40:25.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2716 (GCVE-0-2014-2716)
Vulnerability from nvd – Published: 2014-12-19 15:00 – Updated: 2024-08-06 10:21
VLAI?
Summary
Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:36.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html"
},
{
"name": "71674",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71674"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt"
},
{
"name": "20141215 Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534241/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html"
},
{
"name": "71674",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71674"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt"
},
{
"name": "20141215 Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534241/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html"
},
{
"name": "71674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71674"
},
{
"name": "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt",
"refsource": "MISC",
"url": "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt"
},
{
"name": "20141215 Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534241/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2716",
"datePublished": "2014-12-19T15:00:00.000Z",
"dateReserved": "2014-04-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:21:36.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2716 (GCVE-0-2014-2716)
Vulnerability from cvelistv5 – Published: 2014-12-19 15:00 – Updated: 2024-08-06 10:21
VLAI?
Summary
Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:36.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html"
},
{
"name": "71674",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71674"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt"
},
{
"name": "20141215 Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534241/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html"
},
{
"name": "71674",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71674"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt"
},
{
"name": "20141215 Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534241/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html"
},
{
"name": "71674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71674"
},
{
"name": "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt",
"refsource": "MISC",
"url": "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt"
},
{
"name": "20141215 Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534241/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2716",
"datePublished": "2014-12-19T15:00:00.000Z",
"dateReserved": "2014-04-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:21:36.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9408 (GCVE-0-2014-9408)
Vulnerability from cvelistv5 – Published: 2014-12-19 15:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html"
},
{
"name": "71674",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71674"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt"
},
{
"name": "20141215 Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534241/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html"
},
{
"name": "71674",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71674"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt"
},
{
"name": "20141215 Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534241/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html"
},
{
"name": "71674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71674"
},
{
"name": "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt",
"refsource": "MISC",
"url": "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt"
},
{
"name": "20141215 Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534241/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9408",
"datePublished": "2014-12-19T15:00:00.000Z",
"dateReserved": "2014-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:40:25.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}