ID

VAR-201412-0564


CVE

CVE-2014-2716


TITLE

Vulnerability in multiple Ekahau products that allows obtaining plaintext messages

Trust: 0.8

sources: JVNDB: JVNDB-2014-007317

DESCRIPTION

Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuse the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts. Ekahau Real-Time Location System is prone to multiple security weaknesses. Successful exploits may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Ekahau Real-Time Location System (RTLS) is a Wi-Fi-based real-time positioning system from Ekahau, a company in the United States. Activator is one of its label setter components. A security vulnerability exists in several Ekahau products because the programs reuse RC4 cipher streams. A remote attacker can exploit this vulnerability with an XOR operation to obtain plaintext information. The following products and versions are affected: Ekahau B4 staff badge tag version 5.7 using firmware version 1.4.52, RTLS Controller version 6.0.5-FINAL, Activator 3 version

Trust: 1.98

sources: NVD: CVE-2014-2716 // JVNDB: JVNDB-2014-007317 // BID: 71674 // VULHUB: VHN-70655

AFFECTED PRODUCTS

vendor: ekahau, model: activator, scope: eq, version: 3

Trust: 2.4

vendor: ekahau, model: real-time location system controller, scope: eq, version: 6.0.5-final

Trust: 2.4

vendor: ekahau, model: b4 staff badge tag, scope: eq, version: 1.4.52

Trust: 1.6

vendor: ekahau, model: b4 badge tag, scope: eq, version: 5.7

Trust: 0.8

vendor: ekahau, model: b4 badge tag, scope: eq, version: 1.4.52

Trust: 0.8

sources: JVNDB: JVNDB-2014-007317 // CNNVD: CNNVD-201412-348 // NVD: CVE-2014-2716

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2716
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2716
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201412-348
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70655
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2716
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70655
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70655 // JVNDB: JVNDB-2014-007317 // CNNVD: CNNVD-201412-348 // NVD: CVE-2014-2716

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-70655 // JVNDB: JVNDB-2014-007317 // NVD: CVE-2014-2716

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-348

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201412-348

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007317

PATCH

title: Top Page, url: http://www.ekahau.com/

Trust: 0.8

sources: JVNDB: JVNDB-2014-007317

EXTERNAL IDS

db: NVD, id: CVE-2014-2716

Trust: 2.8

db: BID, id: 71674

Trust: 2.0

db: PACKETSTORM, id: 129585

Trust: 1.7

db: JVNDB, id: JVNDB-2014-007317

Trust: 0.8

db: CNNVD, id: CNNVD-201412-348

Trust: 0.7

db: VULHUB, id: VHN-70655

Trust: 0.1

sources: VULHUB: VHN-70655 // BID: 71674 // JVNDB: JVNDB-2014-007317 // CNNVD: CNNVD-201412-348 // NVD: CVE-2014-2716

REFERENCES

url:http://www.modzero.ch/advisories/mz-14-01-ekahau-rtls.txt

Trust: 2.5

url:http://www.securityfocus.com/bid/71674

Trust: 1.7

url:http://packetstormsecurity.com/files/129585/ekahau-real-time-location-system-rc4-cipher-stream-reuse-weak-key-derivation.html

Trust: 1.7

url:http://www.securityfocus.com/archive/1/534241/100/0/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2716

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2716

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/534241/100/0/threaded

Trust: 0.6

sources: VULHUB: VHN-70655 // JVNDB: JVNDB-2014-007317 // CNNVD: CNNVD-201412-348 // NVD: CVE-2014-2716

CREDITS

David Gullasch and Max Moser

Trust: 0.9

sources: BID: 71674 // CNNVD: CNNVD-201412-348

SOURCES

db: VULHUB, id: VHN-70655
db: BID, id: 71674
db: JVNDB, id: JVNDB-2014-007317
db: CNNVD, id: CNNVD-201412-348
db: NVD, id: CVE-2014-2716

LAST UPDATE DATE

2025-04-13T23:25:20.526000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-70655, date: 2018-10-09T00:00:00
db: BID, id: 71674, date: 2015-03-08T16:04:00
db: JVNDB, id: JVNDB-2014-007317, date: 2014-12-22T00:00:00
db: CNNVD, id: CNNVD-201412-348, date: 2014-12-22T00:00:00
db: NVD, id: CVE-2014-2716, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-70655, date: 2014-12-19T00:00:00
db: BID, id: 71674, date: 2014-12-15T00:00:00
db: JVNDB, id: JVNDB-2014-007317, date: 2014-12-22T00:00:00
db: CNNVD, id: CNNVD-201412-348, date: 2014-12-16T00:00:00
db: NVD, id: CVE-2014-2716, date: 2014-12-19T15:59:05.080