Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-2189

The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets.

Published

2010-12-22T03:00:01.347

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.1 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:N/I:N/A:C

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE
Exploitability Score

6.5

Impact Score

6.9

Weaknesses
  • Type: Primary
    CWE-399
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Hardware apple airport_express_base_station_firmware ≤ 7.4.2 Yes
Hardware apple airport_express_base_station_firmware 3.84 Yes
Hardware apple airport_express_base_station_firmware 4.0.9 Yes
Hardware apple airport_express_base_station_firmware 6.1 Yes
Hardware apple airport_express_base_station_firmware 6.3 Yes
Hardware apple airport_express_base_station_firmware 7.3.2 Yes
Hardware apple airport_express_base_station_firmware 7.4.1 Yes
Hardware apple airport_extreme_base_station_firmware 5.5 Yes
Hardware apple airport_extreme_base_station_firmware 5.7 Yes
Hardware apple airport_express * Yes
Hardware apple airport_extreme * Yes
Hardware apple time_capsule * Yes
References