CVE-2010-0962
https://notcve.org/view.php?id=CVE-2010-0962
The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command. El servidor FTP proxy en Apple AirPort Express, AirPort Extreme, y Time Capsule con firmware v7.5, no limita las direcciones IP y los puertos en los comandos PORT desde los clientes, lo que permite a atacantes remotos aprovechar los servidores FTP de la intranet para el seguimiento TCP a través de un comando PORTA manipulado. • http://seclists.org/fulldisclosure/2010/Mar/106 http://www.securityfocus.com/archive/1/509867/100/0/threaded http://www.securityfocus.com/archive/1/509974/100/0/threaded http://www.securityfocus.com/bid/38543 https://exchange.xforce.ibmcloud.com/vulnerabilities/56701 • CWE-264: Permissions, Privileges, and Access Controls •