{"api_version":"1","generated_at":"2026-05-12T21:25:16+00:00","cve":"CVE-2009-2822","urls":{"html":"https://cve.report/CVE-2009-2822","api":"https://cve.report/api/cve/CVE-2009-2822.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-2822","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-2822"},"summary":{"title":"CVE-2009-2822","description":"AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame.","state":"PUBLISHED","assigner":"mitre","published_at":"2010-04-05 16:30:00","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-264","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.vupen.com/english/advisories/2010/0778","name":"http://www.vupen.com/english/advisories/2010/0778","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/39134","name":"http://www.securityfocus.com/bid/39134","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Apple AirPort Base Station MAC Address ACL Remote Security Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/39160","name":"http://secunia.com/advisories/39160","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Apple AirPort Base Station Network Access Restriction Bypass - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1023801","name":"http://securitytracker.com/id?1023801","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Apple AirPort Base Station Lets Remote Users Access Restricted Networks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/63420","name":"http://www.osvdb.org/63420","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00004.html","name":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00004.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"APPLE-SA-2010-03-31-1 AirPort Base Station Update 2010-001","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/57434","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/57434","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.apple.com/kb/HT3958","name":"http://support.apple.com/kb/HT3958","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"About the security content of AirPort Base Station Update 2010-001","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-2822","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-2822","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"2822","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"apple","cpe5":"airport_base_station","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"airport_utility","cpe6":"5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"airport_utility","cpe6":"5.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"airport_utility","cpe6":"5.3.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"airport_utility","cpe6":"5.4.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2822","vulnerable":"1","versionEndIncluding":"5.4.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"airport_utility","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T06:07:37.334Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"APPLE-SA-2010-03-31-1","tags":["vendor-advisory","x_refsource_APPLE","x_transferred"],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00004.html"},{"name":"1023801","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1023801"},{"name":"ADV-2010-0778","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2010/0778"},{"name":"39134","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/39134"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://support.apple.com/kb/HT3958"},{"name":"airportbasestation-acl-security-bypass(57434)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/57434"},{"name":"39160","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/39160"},{"name":"63420","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/63420"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2010-03-31T00:00:00.000Z","descriptions":[{"lang":"en","value":"AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-16T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"APPLE-SA-2010-03-31-1","tags":["vendor-advisory","x_refsource_APPLE"],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00004.html"},{"name":"1023801","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1023801"},{"name":"ADV-2010-0778","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2010/0778"},{"name":"39134","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/39134"},{"tags":["x_refsource_CONFIRM"],"url":"http://support.apple.com/kb/HT3958"},{"name":"airportbasestation-acl-security-bypass(57434)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/57434"},{"name":"39160","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/39160"},{"name":"63420","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/63420"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2009-2822","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"APPLE-SA-2010-03-31-1","refsource":"APPLE","url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00004.html"},{"name":"1023801","refsource":"SECTRACK","url":"http://securitytracker.com/id?1023801"},{"name":"ADV-2010-0778","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2010/0778"},{"name":"39134","refsource":"BID","url":"http://www.securityfocus.com/bid/39134"},{"name":"http://support.apple.com/kb/HT3958","refsource":"CONFIRM","url":"http://support.apple.com/kb/HT3958"},{"name":"airportbasestation-acl-security-bypass(57434)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/57434"},{"name":"39160","refsource":"SECUNIA","url":"http://secunia.com/advisories/39160"},{"name":"63420","refsource":"OSVDB","url":"http://www.osvdb.org/63420"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2009-2822","datePublished":"2010-04-05T16:00:00.000Z","dateReserved":"2009-08-17T00:00:00.000Z","dateUpdated":"2024-08-07T06:07:37.334Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2010-04-05 16:30:00","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-264","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:airport_utility:*:*:*:*:*:*:*:*","versionEndIncluding":"5.4.2","matchCriteriaId":"C2F999B5-C91C-43D2-8531-7CBB0DF86ECD"},{"vulnerable":true,"criteria":"cpe:2.3:a:apple:airport_utility:5.0:*:*:*:*:*:*:*","matchCriteriaId":"F1BA856F-6D42-42AC-B975-2A7927536E50"},{"vulnerable":true,"criteria":"cpe:2.3:a:apple:airport_utility:5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"6AB57FF2-5355-4206-AF27-846B3D5E2630"},{"vulnerable":true,"criteria":"cpe:2.3:a:apple:airport_utility:5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"4D4F51A7-50DC-4392-9729-359AE02BEF66"},{"vulnerable":true,"criteria":"cpe:2.3:a:apple:airport_utility:5.4.1:*:*:*:*:*:*:*","matchCriteriaId":"28375618-90B2-4A94-BDFC-D960A3237F88"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:apple:airport_base_station:*:*:*:*:*:*:*:*","matchCriteriaId":"6E207B64-7129-48BD-9EAE-7773ECDDBBC0"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"2822","Ordinal":"1","Title":"CVE-2009-2822","CVE":"CVE-2009-2822","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"2822","Ordinal":"1","NoteData":"AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame.","Type":"Description","Title":"CVE-2009-2822"},{"CveYear":"2009","CveId":"2822","Ordinal":"2","NoteData":"2010-04-05","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"2822","Ordinal":"3","NoteData":"2017-08-16","Type":"Other","Title":"Modified"}]}}}