Multiple vulnerabilities in Intel PROSet/Wireless WiFi and Killer WiFi

Published: 2022-02-09

Risk	Low
Patch available	YES
Number of vulnerabilities	3
CVE-ID	CVE-2021-33113 CVE-2021-33115 CVE-2021-33114
CWE-ID	CWE-20
Exploitation vector	Local network
Public exploit	N/A
Vulnerable software Subscribe	Intel Wi-Fi 6E AX210 Hardware solutions / Firmware Intel Wi-Fi 6 AX201 Hardware solutions / Firmware Intel Wi-Fi 6 AX200 Hardware solutions / Firmware Intel Wireless-AC 9560 Hardware solutions / Firmware Intel Wireless-AC 9462 Hardware solutions / Firmware Intel Wireless-AC 9461 Hardware solutions / Firmware Intel Wireless-AC 9260 Hardware solutions / Firmware Intel Dual Band Wireless-AC 8265 Hardware solutions / Firmware Intel Dual Band Wireless-AC 8260 Hardware solutions / Firmware Intel Dual Band Wireless-AC 3168 Hardware solutions / Firmware Intel Wireless 7265 (Rev D) Family Hardware solutions / Firmware Intel Dual Band Wireless-AC 3165 Hardware solutions / Firmware Killer Wi-Fi 6E AX1675 Hardware solutions / Firmware Killer Wi-Fi 6 AX1650 Hardware solutions / Firmware Killer Wireless-AC 1550 Hardware solutions / Firmware Killer Hardware solutions / Firmware Intel PROSet/Wireless WiFi Software Hardware solutions / Drivers
Vendor	Intel

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU60475

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-33113

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can pass specially crafted input to the application and enable denial of service (DoS) or information disclosure.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Wi-Fi 6E AX210: All versions

Intel Wi-Fi 6 AX201: All versions

Intel Wi-Fi 6 AX200: All versions

Intel Wireless-AC 9560: All versions

Intel Wireless-AC 9462: All versions

Intel Wireless-AC 9461: All versions

Intel Wireless-AC 9260: All versions

Intel Dual Band Wireless-AC 8265: All versions

Intel Dual Band Wireless-AC 8260: All versions

Intel Dual Band Wireless-AC 3168: All versions

Intel Wireless 7265 (Rev D) Family: All versions

Intel Dual Band Wireless-AC 3165: All versions

Killer Wi-Fi 6E AX1675: All versions

Killer Wi-Fi 6 AX1650: All versions

Killer Wireless-AC 1550: All versions

Intel PROSet/Wireless WiFi Software: before 22.80

Killer: before 3.1021.733.0

Fixed software versions

CPE2.3

cpe:2.3:h:intel:intel_wi-fi_6e_ax210:*:*:*:*:*:*:*:*

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00582.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Input validation error

EUVDB-ID: #VU60476

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-33115

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can pass specially crafted input to the application and gain elevated privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Wi-Fi 6E AX210: All versions

Intel Wi-Fi 6 AX201: All versions

Intel Wi-Fi 6 AX200: All versions

Intel Wireless-AC 9560: All versions

Intel Wireless-AC 9462: All versions

Intel Wireless-AC 9461: All versions

Intel Wireless-AC 9260: All versions

Intel Dual Band Wireless-AC 8265: All versions

Intel Dual Band Wireless-AC 8260: All versions

Intel Dual Band Wireless-AC 3168: All versions

Intel Wireless 7265 (Rev D) Family: All versions

Intel Dual Band Wireless-AC 3165: All versions

Intel PROSet/Wireless WiFi Software: before 22.80

Fixed software versions

CPE2.3

cpe:2.3:h:intel:intel_wi-fi_6e_ax210:*:*:*:*:*:*:*:*

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00582.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Input validation error

EUVDB-ID: #VU60477

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-33114

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote authenticated attacker on the local network can pass specially crafted input to the application and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Wi-Fi 6E AX210: All versions

Intel Wi-Fi 6 AX201: All versions

Intel Wi-Fi 6 AX200: All versions

Intel Wireless-AC 9560: All versions

Intel Wireless-AC 9462: All versions

Intel Wireless-AC 9461: All versions

Intel Wireless-AC 9260: All versions

Intel Dual Band Wireless-AC 8265: All versions

Intel Dual Band Wireless-AC 8260: All versions

Intel Dual Band Wireless-AC 3168: All versions

Intel Wireless 7265 (Rev D) Family: All versions

Intel Dual Band Wireless-AC 3165: All versions

Killer Wi-Fi 6E AX1675: All versions

Killer Wi-Fi 6 AX1650: All versions

Killer Wireless-AC 1550: All versions

Intel PROSet/Wireless WiFi Software: before 22.80

Killer: before 3.1021.733.0

Fixed software versions

CPE2.3

cpe:2.3:h:intel:intel_wi-fi_6e_ax210:*:*:*:*:*:*:*:*

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00582.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?