CyberSec.Space Logo
Back to CVE Browser

CVE-2010-0962

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.0580%
EPSS Percentile20.10th
PublishedMar 10, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command.

Affected Platforms (CPE)

πŸ”Œ
Apple

Airport Express

= 7.5
πŸ”Œ
Apple

Airport Extreme

= 7.5
πŸ”Œ
Apple

Time Capsule

= 7.5

References & Advisories

πŸ”— http://seclists.org/fulldisclosure/2010/Mar/106
πŸ”— http://www.securityfocus.com/archive/1/509867/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/509974/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/38543
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/56701
πŸ”— http://seclists.org/fulldisclosure/2010/Mar/106
πŸ”— http://www.securityfocus.com/archive/1/509867/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/509974/100/0/threaded

Related Vulnerabilities

CVE-2010-18047.1

Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort...

CVE-2009-21896.1

The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware ...

CVE-2005-02895.0

Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attack...

CVE-2005-37145.0

The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7...