Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-0962 | 1 Apple | 3 Airport Express, Airport Extreme, Time Capsule | 2018-10-10 | 5.0 MEDIUM | N/A |
The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command. | |||||
CVE-2010-1804 | 1 Apple | 5 Airport Express, Airport Express Base Station Firmware, Airport Extreme and 2 more | 2011-01-18 | 7.1 HIGH | N/A |
Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP reply. | |||||
CVE-2010-0039 | 1 Apple | 5 Airport Express, Airport Express Base Station Firmware, Airport Extreme and 2 more | 2011-01-18 | 2.6 LOW | N/A |
The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server. | |||||
CVE-2009-2189 | 1 Apple | 5 Airport Express, Airport Express Base Station Firmware, Airport Extreme and 2 more | 2011-01-18 | 6.1 MEDIUM | N/A |
The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets. |