ID

VAR-201412-0103


CVE

CVE-2014-9408


TITLE

Vulnerability in multiple Ekahau products that allows the setup key to be guessed

Trust: 0.8

sources: JVNDB: JVNDB-2014-007319

DESCRIPTION

Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 use part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack. Ekahau Real-Time Location System is prone to multiple security weaknesses. Successful exploits may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Ekahau Real-Time Location System (RTLS) is a Wi-Fi-based real-time positioning system from Ekahau, a company in the United States. Activator is one of its tag setup components. Several Ekahau products are affected. The vulnerability stems from the program using part of the MAC address as part of the RC4 setup key.

Trust: 1.98

sources: NVD: CVE-2014-9408 // JVNDB: JVNDB-2014-007319 // BID: 71674 // VULHUB: VHN-77353

AFFECTED PRODUCTS

vendor: ekahau, model: activator, scope: eq, version: 3

Trust: 2.4

vendor: ekahau, model: real-time location system controller, scope: eq, version: 6.0.5-final

Trust: 2.4

vendor: ekahau, model: b4 staff badge tag, scope: eq, version: 1.4.52

Trust: 1.6

vendor: ekahau, model: b4 staff badge tag, scope: eq, version: 5.7

Trust: 1.0

vendor: ekahau, model: b4 badge tag, scope: eq, version: 5.7

Trust: 0.8

vendor: ekahau, model: b4 badge tag, scope: eq, version: 1.4.52

Trust: 0.8

sources: JVNDB: JVNDB-2014-007319 // CNNVD: CNNVD-201412-447 // NVD: CVE-2014-9408

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9408
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-9408
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201412-447
value: MEDIUM

Trust: 0.6

VULHUB: VHN-77353
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-9408
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-77353
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-77353 // JVNDB: JVNDB-2014-007319 // CNNVD: CNNVD-201412-447 // NVD: CVE-2014-9408

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-77353 // JVNDB: JVNDB-2014-007319 // NVD: CVE-2014-9408

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-447

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201412-447

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007319

PATCH

title: Top Page, url: http://www.ekahau.com/

Trust: 0.8

sources: JVNDB: JVNDB-2014-007319

EXTERNAL IDS

db: NVD, id: CVE-2014-9408

Trust: 2.8

db: BID, id: 71674

Trust: 2.0

db: PACKETSTORM, id: 129585

Trust: 1.7

db: JVNDB, id: JVNDB-2014-007319

Trust: 0.8

db: CNNVD, id: CNNVD-201412-447

Trust: 0.7

db: VULHUB, id: VHN-77353

Trust: 0.1

sources: VULHUB: VHN-77353 // BID: 71674 // JVNDB: JVNDB-2014-007319 // CNNVD: CNNVD-201412-447 // NVD: CVE-2014-9408

REFERENCES

url:http://www.modzero.ch/advisories/mz-14-01-ekahau-rtls.txt

Trust: 2.5

url:http://www.securityfocus.com/bid/71674

Trust: 1.7

url:http://packetstormsecurity.com/files/129585/ekahau-real-time-location-system-rc4-cipher-stream-reuse-weak-key-derivation.html

Trust: 1.7

url:http://www.securityfocus.com/archive/1/534241/100/0/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9408

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9408

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/534241/100/0/threaded

Trust: 0.6

sources: VULHUB: VHN-77353 // JVNDB: JVNDB-2014-007319 // CNNVD: CNNVD-201412-447 // NVD: CVE-2014-9408

CREDITS

David Gullasch and Max Moser

Trust: 0.3

sources: BID: 71674

SOURCES

db: VULHUB, id: VHN-77353
db: BID, id: 71674
db: JVNDB, id: JVNDB-2014-007319
db: CNNVD, id: CNNVD-201412-447
db: NVD, id: CVE-2014-9408

LAST UPDATE DATE

2025-04-13T23:25:20.498000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-77353, date: 2018-10-09T00:00:00
db: BID, id: 71674, date: 2015-03-08T16:04:00
db: JVNDB, id: JVNDB-2014-007319, date: 2014-12-22T00:00:00
db: CNNVD, id: CNNVD-201412-447, date: 2014-12-23T00:00:00
db: NVD, id: CVE-2014-9408, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-77353, date: 2014-12-19T00:00:00
db: BID, id: 71674, date: 2014-12-15T00:00:00
db: JVNDB, id: JVNDB-2014-007319, date: 2014-12-22T00:00:00
db: CNNVD, id: CNNVD-201412-447, date: 2014-12-23T00:00:00
db: NVD, id: CVE-2014-9408, date: 2014-12-19T15:59:34.253