Denial of Service Vulnerability in Apple Time Capsule and AirPort Devices
CVE-2009-2189

Currently unrated

Key Information:

Vendor: Apple
Status: Airport Express Base Station Firmware; Airport Extreme Base Station Firmware; Airport Express; Airport Extreme
Vendor: CVE Published:; 22 December 2010

Summary

The ICMPv6 implementation in Apple Time Capsule, AirPort Extreme, and AirPort Express devices is vulnerable due to the lack of rate limiting for Router Advertisement and Neighbor Discovery packets. This deficiency allows remote attackers to overwhelm the affected devices with a high volume of packets, potentially leading to service disruption through resource exhaustion and device restarts. Firmware updates are essential to mitigate this issue.

References

http://lists.apple.com/archives/security-announce/2010//D...

vendor-advisoryx_refsource_APPLE

http://support.apple.com/kb/HT4298

x_refsource_CONFIRM

http://www.securitytracker.com/id?1024907

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Dec 22, 2010
Vulnerability Reserved
Jun 24, 2009