The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware prior to 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote malicious users to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple airport_express_base_station_firmware 7.3.2 |
||
apple airport_express_base_station_firmware 4.0.9 |
||
apple airport_extreme_base_station_firmware 5.7 |
||
apple airport_express_base_station_firmware 6.1 |
||
apple airport_express_base_station_firmware 6.3 |
||
apple airport_express_base_station_firmware |
||
apple airport_express_base_station_firmware 7.4.1 |
||
apple airport_extreme_base_station_firmware 5.5 |
||
apple airport_express_base_station_firmware 3.84 |
||
apple time_capsule |
||
apple airport_extreme |
||
apple airport_express |