{"api_version":"1","generated_at":"2026-05-12T21:25:16+00:00","cve":"CVE-2007-1338","urls":{"html":"https://cve.report/CVE-2007-1338","api":"https://cve.report/api/cve/CVE-2007-1338.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-1338","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-1338"},"summary":{"title":"CVE-2007-1338","description":"The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the \"Block incoming IPv6 connections\" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-03-08 22:19:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://arstechnica.com/journals/apple.ars/2007/2/14/7063","name":"http://arstechnica.com/journals/apple.ars/2007/2/14/7063","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"New Airport Extreme could expose Macs via IPv6","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1017889","name":"http://www.securitytracker.com/id?1017889","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - AirPort Extreme Base Station with 802.11n Discloses Filenames to Remote Users and Allows Incoming IPv6 Connections","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.apple.com/archives/security-announce/2007/Apr/msg00000.html","name":"http://lists.apple.com/archives/security-announce/2007/Apr/msg00000.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"APPLE-SA-2007-04-09 Firmware version 7.1 for AirPort Extreme Base\tStation with 802.11n*","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24830","name":"http://secunia.com/advisories/24830","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Apple AirPort Extreme Base Station Two Weaknesses - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/1308","name":"http://www.vupen.com/english/advisories/2007/1308","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/33526","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/33526","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/34843","name":"http://osvdb.org/34843","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://docs.info.apple.com/article.html?artnum=305366","name":"http://docs.info.apple.com/article.html?artnum=305366","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"About the security content of Firmware Update 7.1 for AirPort Extreme Base Station with 802.11n","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-1338","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-1338","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"1338","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"apple","cpe5":"airport_extreme","cpe6":"7.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T12:50:34.955Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"24830","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24830"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://arstechnica.com/journals/apple.ars/2007/2/14/7063"},{"name":"ADV-2007-1308","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/1308"},{"name":"APPLE-SA-2007-04-09","tags":["vendor-advisory","x_refsource_APPLE","x_transferred"],"url":"http://lists.apple.com/archives/security-announce/2007/Apr/msg00000.html"},{"name":"airportextreme-ipv6-security-bypass(33526)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/33526"},{"name":"1017889","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1017889"},{"name":"34843","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/34843"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://docs.info.apple.com/article.html?artnum=305366"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-02-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the \"Block incoming IPv6 connections\" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-28T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"24830","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24830"},{"tags":["x_refsource_MISC"],"url":"http://arstechnica.com/journals/apple.ars/2007/2/14/7063"},{"name":"ADV-2007-1308","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/1308"},{"name":"APPLE-SA-2007-04-09","tags":["vendor-advisory","x_refsource_APPLE"],"url":"http://lists.apple.com/archives/security-announce/2007/Apr/msg00000.html"},{"name":"airportextreme-ipv6-security-bypass(33526)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/33526"},{"name":"1017889","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1017889"},{"name":"34843","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/34843"},{"tags":["x_refsource_CONFIRM"],"url":"http://docs.info.apple.com/article.html?artnum=305366"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-1338","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the \"Block incoming IPv6 connections\" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"24830","refsource":"SECUNIA","url":"http://secunia.com/advisories/24830"},{"name":"http://arstechnica.com/journals/apple.ars/2007/2/14/7063","refsource":"MISC","url":"http://arstechnica.com/journals/apple.ars/2007/2/14/7063"},{"name":"ADV-2007-1308","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/1308"},{"name":"APPLE-SA-2007-04-09","refsource":"APPLE","url":"http://lists.apple.com/archives/security-announce/2007/Apr/msg00000.html"},{"name":"airportextreme-ipv6-security-bypass(33526)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/33526"},{"name":"1017889","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1017889"},{"name":"34843","refsource":"OSVDB","url":"http://osvdb.org/34843"},{"name":"http://docs.info.apple.com/article.html?artnum=305366","refsource":"CONFIRM","url":"http://docs.info.apple.com/article.html?artnum=305366"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-1338","datePublished":"2007-03-07T23:00:00.000Z","dateReserved":"2007-03-07T00:00:00.000Z","dateUpdated":"2024-08-07T12:50:34.955Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-03-08 22:19:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":true,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:apple:airport_extreme:7.1:*:*:*:*:*:*:*","matchCriteriaId":"8171F2F2-4D34-4B95-ABB1-A9C76D4890B9"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"1338","Ordinal":"1","Title":"CVE-2007-1338","CVE":"CVE-2007-1338","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"1338","Ordinal":"1","NoteData":"The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the \"Block incoming IPv6 connections\" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4.","Type":"Description","Title":"CVE-2007-1338"},{"CveYear":"2007","CveId":"1338","Ordinal":"2","NoteData":"2007-03-07","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"1338","Ordinal":"3","NoteData":"2017-07-28","Type":"Other","Title":"Modified"}]}}}