CVE-2014-2716

Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System RTLS Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts...

Code injection

Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System RTLS Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts...

CVE-2014-2716

The CVE-2014-2716 entry concerns Ekahau Real-Time Location System components (B4 staff badge tag v5.7, firmware 1.4.52; RTLS Controller v6.0.5-FINAL; Activator 3) where RC4 cipher streams are reused across messages. Modzero’s advisory details two vulnerabilities: (1) RC4 stream reuse enabling an ...

CVE-2014-9408

The CVE-2014-9408 entry concerns Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, RTLS Controller 6.0.5-FINAL, and Activator 3, where parts of the MAC address are used in the RC4 setup key. This design allows brute-force guessing of the key by remote attackers, per the provided records. The co...