CyberSec.Space Logo
Back to CVE Browser

CVE-2009-2189

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.0600%
EPSS Percentile15.55th
PublishedDec 22, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets.

Affected Platforms (CPE)

πŸ”Œ
Apple

Airport Express Base Station Firmware

<= 7.4.2
πŸ”Œ
Apple

Airport Express Base Station Firmware

= 3.84
πŸ”Œ
Apple

Airport Express Base Station Firmware

= 4.0.9
πŸ”Œ
Apple

Airport Express Base Station Firmware

= 6.1
πŸ”Œ
Apple

Airport Express Base Station Firmware

= 6.3
πŸ”Œ
Apple

Airport Express Base Station Firmware

= 7.3.2
πŸ”Œ
Apple

Airport Express Base Station Firmware

= 7.4.1
πŸ”Œ
Apple

Airport Extreme Base Station Firmware

= 5.5
πŸ”Œ
Apple

Airport Extreme Base Station Firmware

= 5.7
πŸ”Œ
Apple

Airport Express

All versions
πŸ”Œ
Apple

Airport Extreme

All versions
πŸ”Œ
Apple

Time Capsule

All versions

References & Advisories

πŸ”— http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html
πŸ”— http://support.apple.com/kb/HT4298
πŸ”— http://www.securitytracker.com/id?1024907
πŸ”— http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html
πŸ”— http://support.apple.com/kb/HT4298
πŸ”— http://www.securitytracker.com/id?1024907

Related Vulnerabilities

CVE-2010-18047.1

Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort...

CVE-2010-00392.6

The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with...

CVE-2009-427310.0

stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command...

CVE-2009-414310.0

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt ...