VAR-201412-0103
Vulnerability from variot - Updated: 2025-04-13 23:25Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack. Ekahau Real-Time Location System is prone to multiple security weaknesses. Successful exploits may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Ekahau Real-Time Location System (RTLS) is a real-time positioning system based on Wi-Fi (wireless) of Ekahau Company in the United States. Activator is one of the label setter components. There are security vulnerabilities in several Ekahau products. The vulnerability stems from the fact that the program uses part of the MAC address as part of the RC4 installation key
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0103",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "activator",
"scope": "eq",
"trust": 2.4,
"vendor": "ekahau",
"version": "3"
},
{
"model": "real-time location system controller",
"scope": "eq",
"trust": 2.4,
"vendor": "ekahau",
"version": "6.0.5-final"
},
{
"model": "b4 staff badge tag",
"scope": "eq",
"trust": 1.6,
"vendor": "ekahau",
"version": "1.4.52"
},
{
"model": "b4 staff badge tag",
"scope": "eq",
"trust": 1.0,
"vendor": "ekahau",
"version": "5.7"
},
{
"model": "b4 badge tag",
"scope": "eq",
"trust": 0.8,
"vendor": "ekahau",
"version": "5.7"
},
{
"model": "b4 badge tag",
"scope": "eq",
"trust": 0.8,
"vendor": "ekahau",
"version": "1.4.52"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-447"
},
{
"db": "NVD",
"id": "CVE-2014-9408"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ekahau:activator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ekahau:b4_staff_badge_tag",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ekahau:b4_staff_badge_tag_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ekahau:real-time_location_system_controller",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Gullasch and Max Moser",
"sources": [
{
"db": "BID",
"id": "71674"
}
],
"trust": 0.3
},
"cve": "CVE-2014-9408",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9408",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-77353",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9408",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-9408",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-447",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-77353",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77353"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-447"
},
{
"db": "NVD",
"id": "CVE-2014-9408"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack. Ekahau Real-Time Location System is prone to multiple security weaknesses. \nSuccessful exploits may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Ekahau Real-Time Location System (RTLS) is a real-time positioning system based on Wi-Fi (wireless) of Ekahau Company in the United States. Activator is one of the label setter components. There are security vulnerabilities in several Ekahau products. The vulnerability stems from the fact that the program uses part of the MAC address as part of the RC4 installation key",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9408"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
},
{
"db": "BID",
"id": "71674"
},
{
"db": "VULHUB",
"id": "VHN-77353"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9408",
"trust": 2.8
},
{
"db": "BID",
"id": "71674",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "129585",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007319",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201412-447",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-77353",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77353"
},
{
"db": "BID",
"id": "71674"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-447"
},
{
"db": "NVD",
"id": "CVE-2014-9408"
}
]
},
"id": "VAR-201412-0103",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-77353"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:25:20.498000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ekahau.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77353"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
},
{
"db": "NVD",
"id": "CVE-2014-9408"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.modzero.ch/advisories/mz-14-01-ekahau-rtls.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/71674"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/129585/ekahau-real-time-location-system-rc4-cipher-stream-reuse-weak-key-derivation.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/534241/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9408"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9408"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/534241/100/0/threaded"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77353"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-447"
},
{
"db": "NVD",
"id": "CVE-2014-9408"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-77353"
},
{
"db": "BID",
"id": "71674"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-447"
},
{
"db": "NVD",
"id": "CVE-2014-9408"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-77353"
},
{
"date": "2014-12-15T00:00:00",
"db": "BID",
"id": "71674"
},
{
"date": "2014-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007319"
},
{
"date": "2014-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-447"
},
{
"date": "2014-12-19T15:59:34.253000",
"db": "NVD",
"id": "CVE-2014-9408"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-77353"
},
{
"date": "2015-03-08T16:04:00",
"db": "BID",
"id": "71674"
},
{
"date": "2014-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007319"
},
{
"date": "2014-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-447"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-9408"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-447"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Ekahau Vulnerability that guesses the setup key in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007319"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-447"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…