Vulnerability Monitor

CVE-2010-0039


The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server.


Published

2010-12-22T03:00:01.390

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 2.6 (LOW)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score

4.9

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-264

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Hardware | apple | airport_express_base_station_firmware | ≤ 7.4.2 | Yes |
| Hardware | apple | airport_express_base_station_firmware | 3.84 | Yes |
| Hardware | apple | airport_express_base_station_firmware | 4.0.9 | Yes |
| Hardware | apple | airport_express_base_station_firmware | 6.1 | Yes |
| Hardware | apple | airport_express_base_station_firmware | 6.3 | Yes |
| Hardware | apple | airport_express_base_station_firmware | 7.3.2 | Yes |
| Hardware | apple | airport_express_base_station_firmware | 7.4.1 | Yes |
| Hardware | apple | airport_extreme_base_station_firmware | 5.5 | Yes |
| Hardware | apple | airport_extreme_base_station_firmware | 5.7 | Yes |
| Hardware | apple | airport_express | * | Yes |
| Hardware | apple | airport_extreme | * | Yes |
| Hardware | apple | time_capsule | * | Yes |

References