Vulnerabilities > Apple > Airport Extreme

DATE CVE VULNERABILITY TITLE RISK
2010-12-22 CVE-2010-1804 Unspecified vulnerability in Apple products
Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP reply.
network
apple
7.1
2010-12-22 CVE-2010-0039 Permissions, Privileges, and Access Controls vulnerability in Apple products
The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server.
network
high complexity
apple CWE-264
2.6
2010-12-22 CVE-2009-2189 Resource Management Errors vulnerability in Apple products
The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets.
low complexity
apple CWE-399
6.1
2010-03-10 CVE-2010-0962 Permissions, Privileges, and Access Controls vulnerability in Apple Airport Express, Airport Extreme and Time Capsule
The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command.
network
low complexity
apple CWE-264
5.0
2007-04-10 CVE-2007-0734 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X
fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1, and by Apple Mac OS X 10.3.9 through 10.4.9, does not properly enforce password protection of a USB hard drive, which allows context-dependent attackers to list arbitrary directories or execute arbitrary code, resulting from memory corruption.
5.4
2007-03-08 CVE-2007-1338 Security Bypass vulnerability in Apple Airport Extreme 7.1
The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4.
network
low complexity
apple
7.5
2006-12-05 CVE-2006-6292 Denial Of Service vulnerability in Apple mac OS X 10.4.8
Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, MacBook, and MacBook Pro with Core Duo hardware allows remote attackers to cause a denial of service (out-of-bounds memory access and kernel panic) and have possibly other security-related impact via certain beacon frames.
5.7
2005-12-31 CVE-2005-3714 Resource Management Errors vulnerability in Apple Airport Express and Airport Extreme
The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets.
network
low complexity
apple CWE-399
5.0
2005-05-02 CVE-2005-0289 Remote Denial of Service vulnerability in Apple AirPort Wireless Distribution System
Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attackers to cause a denial of service (device freeze) by connecting to UDP port 161 and before link-state change occurs.
network
low complexity
apple
5.0