PT-2010-1864 · Apple · Time Capsule+2

Sabahattin Gucukoglu

Published

2010-12-22

Updated

2011-01-19

CVE-2010-0039

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station versions prior to 7.5.2

Description The issue allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server. This is due to the Application-Level Gateway (ALG) modifying PORT commands in incoming FTP traffic.

Recommendations For Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station versions prior to 7.5.2, update the firmware to version 7.5.2 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2010-0039

Affected Products

Airport Express Base Station

Airport Extreme Base Station

Time Capsule

PT-2010-1864 · Apple · Time Capsule+2

CVE-2010-0039

Weakness Enumeration

Related Identifiers

Affected Products

References · 4