Multiple vulnerabilities in Intel PROSet/Wireless WiFi and Killer WiFi
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 14 |
| CVE-ID | CVE-2022-21240 CVE-2022-21140 CVE-2022-21212 CVE-2021-23188 CVE-2022-21160 CVE-2022-21197 CVE-2022-21139 CVE-2022-21172 CVE-2021-26254 CVE-2021-44545 CVE-2021-23168 CVE-2021-23223 CVE-2021-37409 CVE-2022-21181 |
| CWE-ID | CWE-125 CWE-284 CWE-20 CWE-119 CWE-326 CWE-787 CWE-665 CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Intel Wi-Fi 6E AX411 Hardware solutions / Firmware Intel Wi-Fi 6E AX211 Hardware solutions / Firmware Intel Wi-Fi 6E AX210 Hardware solutions / Firmware Intel Wi-Fi 6 AX201 Hardware solutions / Firmware Intel Wi-Fi 6 AX200 Hardware solutions / Firmware Intel Wireless-AC 9560 Hardware solutions / Firmware Intel Wireless-AC 9462 Hardware solutions / Firmware Intel Wireless-AC 9461 Hardware solutions / Firmware Intel Wireless-AC 9260 Hardware solutions / Firmware Intel Dual Band Wireless-AC 3168 Hardware solutions / Firmware Intel Wireless 7265 (Rev D) Family Hardware solutions / Firmware Intel Dual Band Wireless-AC 3165 Hardware solutions / Firmware Intel Dual Band Wireless-AC 8265 Hardware solutions / Firmware Intel Dual Band Wireless-AC 8260 Hardware solutions / Firmware Killer Wi-Fi 6E AX1690 Hardware solutions / Firmware Killer Wi-Fi 6E AX1675 Hardware solutions / Firmware Killer Wi-Fi 6 AX1650 Hardware solutions / Firmware Killer Wireless-AC 1550 Hardware solutions / Firmware |
| Vendor |
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU66438
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21240
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local administrator trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6E AX411: before 22.120
Intel Wi-Fi 6E AX211: before 22.120
Intel Wi-Fi 6E AX210: before 22.120
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU66446
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21140
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A local administrator can bypass implemented security restrictions and gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6E AX411: before 22.120
Intel Wi-Fi 6E AX211: before 22.120
Intel Wi-Fi 6E AX210: before 22.120
Intel Wi-Fi 6 AX201: before 22.120
Intel Wi-Fi 6 AX200: before 22.120
Intel Wireless-AC 9560: before 22.120
Intel Wireless-AC 9462: before 22.120
Intel Wireless-AC 9461: before 22.120
Intel Wireless-AC 9260: before 22.120
Intel Dual Band Wireless-AC 3168: before 22.120
Intel Wireless 7265 (Rev D) Family: before 22.120
Intel Dual Band Wireless-AC 3165: before 22.120
Intel Dual Band Wireless-AC 8265: before 22.120
Intel Dual Band Wireless-AC 8260: before 22.120
Killer Wi-Fi 6E AX1690: before 3.1122.1105
Killer Wi-Fi 6E AX1675: before 3.1122.1105
Killer Wi-Fi 6 AX1650: before 3.1122.1105
Killer Wireless-AC 1550: before 3.1122.1105
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU66445
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21212
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6E AX411: before 22.120
Intel Wi-Fi 6E AX211: before 22.120
Intel Wi-Fi 6E AX210: before 22.120
Intel Wi-Fi 6 AX201: before 22.120
Intel Wi-Fi 6 AX200: before 22.120
Intel Wireless-AC 9560: before 22.120
Intel Wireless-AC 9462: before 22.120
Intel Wireless-AC 9461: before 22.120
Intel Wireless-AC 9260: before 22.120
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper access control
EUVDB-ID: #VU66444
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-23188
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6E AX411: before 22.120
Intel Wi-Fi 6E AX211: before 22.120
Intel Wi-Fi 6E AX210: before 22.120
Intel Wi-Fi 6 AX201: before 22.120
Intel Wi-Fi 6 AX200: before 22.120
Intel Wireless-AC 9560: before 22.120
Intel Wireless-AC 9462: before 22.120
Intel Wireless-AC 9461: before 22.120
Intel Wireless-AC 9260: before 22.120
Intel Dual Band Wireless-AC 3168: before 22.120
Intel Wireless 7265 (Rev D) Family: before 22.120
Intel Dual Band Wireless-AC 3165: before 22.120
Intel Dual Band Wireless-AC 8265: before 22.120
Intel Dual Band Wireless-AC 8260: before 22.120
Killer Wi-Fi 6E AX1690: before 3.1122.1105
Killer Wi-Fi 6E AX1675: before 3.1122.1105
Killer Wi-Fi 6 AX1650: before 3.1122.1105
Killer Wireless-AC 1550: before 3.1122.1105
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU66443
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21160
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6E AX411: before 22.120
Intel Wi-Fi 6E AX211: before 22.120
Intel Wi-Fi 6E AX210: before 22.120
Intel Wi-Fi 6 AX201: before 22.120
Intel Wi-Fi 6 AX200: before 22.120
Intel Wireless-AC 9560: before 22.120
Intel Wireless-AC 9462: before 22.120
Intel Wireless-AC 9461: before 22.120
Intel Wireless-AC 9260: before 22.120
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU66442
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21197
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6E AX411: before 22.120
Intel Wi-Fi 6E AX211: before 22.120
Intel Wi-Fi 6E AX210: before 22.120
Intel Wi-Fi 6 AX201: before 22.120
Intel Wi-Fi 6 AX200: before 22.120
Intel Wireless-AC 9560: before 22.120
Intel Wireless-AC 9462: before 22.120
Intel Wireless-AC 9461: before 22.120
Intel Wireless-AC 9260: before 22.120
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Inadequate Encryption Strength
EUVDB-ID: #VU66441
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21139
CWE-ID:
CWE-326 - Inadequate Encryption Strength
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to inadequate encryption strength. A remote attacker on the local network can gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6E AX411: before 22.120
Intel Wi-Fi 6E AX211: before 22.120
Intel Wi-Fi 6E AX210: before 22.120
Intel Wi-Fi 6 AX201: before 22.120
Intel Wi-Fi 6 AX200: before 22.120
Intel Wireless-AC 9560: before 22.120
Intel Wireless-AC 9462: before 22.120
Intel Wireless-AC 9461: before 22.120
Intel Wireless-AC 9260: before 22.120
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds write
EUVDB-ID: #VU66437
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21172
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A local administrator trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6E AX411: before 22.120
Intel Wi-Fi 6E AX211: before 22.120
Intel Wi-Fi 6E AX210: before 22.120
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU66432
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26254
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition. A local administrator can trigger out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6E AX411: before 22.120
Intel Wi-Fi 6E AX211: before 22.120
Intel Wi-Fi 6E AX210: before 22.120
Intel Wi-Fi 6 AX201: before 22.120
Intel Wi-Fi 6 AX200: before 22.120
Killer Wi-Fi 6E AX1690: before 3.1122.1105
Killer Wi-Fi 6E AX1675: before 3.1122.1105
Killer Wi-Fi 6 AX1650: before 3.1122.1105
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU66431
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44545
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6E AX411: before 22.120
Intel Wi-Fi 6E AX211: before 22.120
Intel Wi-Fi 6E AX210: before 22.120
Intel Wi-Fi 6 AX201: before 22.120
Intel Wi-Fi 6 AX200: before 22.120
Killer Wi-Fi 6E AX1690: before 3.1122.1105
Killer Wi-Fi 6E AX1675: before 3.1122.1105
Killer Wi-Fi 6 AX1650: before 3.1122.1105
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds read
EUVDB-ID: #VU66430
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-23168
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition. A remote attacker on the local network can trigger out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6E AX411: before 22.120
Intel Wi-Fi 6E AX211: before 22.120
Intel Wi-Fi 6E AX210: before 22.120
Intel Wi-Fi 6 AX201: before 22.120
Intel Wi-Fi 6 AX200: before 22.120
Intel Wireless-AC 9560: before 22.120
Intel Wireless-AC 9462: before 22.120
Intel Wireless-AC 9461: before 22.120
Intel Wireless-AC 9260: before 22.120
Intel Dual Band Wireless-AC 3168: before 22.120
Intel Wireless 7265 (Rev D) Family: before 22.120
Intel Dual Band Wireless-AC 3165: before 22.120
Intel Dual Band Wireless-AC 8265: before 22.120
Intel Dual Band Wireless-AC 8260: before 22.120
Killer Wi-Fi 6E AX1690: before 3.1122.1105
Killer Wi-Fi 6E AX1675: before 3.1122.1105
Killer Wi-Fi 6 AX1650: before 3.1122.1105
Killer Wireless-AC 1550: before 3.1122.1105
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper Initialization
EUVDB-ID: #VU66428
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-23223
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization. A local administrator can run a specially crafted application to execute arbitrary code with escalated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6E AX411: before 22.120
Intel Wi-Fi 6E AX211: before 22.120
Intel Wi-Fi 6E AX210: before 22.120
Killer Wi-Fi 6E AX1690: before 3.1122.1105
Killer Wi-Fi 6E AX1675: before 3.1122.1105
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper access control
EUVDB-ID: #VU66427
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-37409
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A local administrator can bypass implemented security restrictions and gain elevated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6E AX411: before 22.120
Intel Wi-Fi 6E AX211: before 22.120
Intel Wi-Fi 6E AX210: before 22.120
Intel Wi-Fi 6 AX201: before 22.120
Intel Wi-Fi 6 AX200: before 22.120
Intel Wireless-AC 9560: before 22.120
Intel Wireless-AC 9462: before 22.120
Intel Wireless-AC 9461: before 22.120
Intel Wireless-AC 9260: before 22.120
Killer Wi-Fi 6E AX1690: before 3.1122.1105
Killer Wi-Fi 6E AX1675: before 3.1122.1105
Killer Wi-Fi 6 AX1650: before 3.1122.1105
Killer Wireless-AC 1550: before 3.1122.1105
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU66426
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21181
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local administrator to escalate privileges on the system.
The vulnerability exists due to improper input validation, which leads to security restrictions bypass and privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Dual Band Wireless-AC 8265: before 22.120
Intel Dual Band Wireless-AC 8260: before 22.120
Intel Wireless-AC 9560: before 22.120
Intel Wireless-AC 9462: before 22.120
Intel Wireless-AC 9461: before 22.120
Intel Wireless-AC 9260: before 22.120
Killer Wireless-AC 1550: before 3.1122.1105
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
