Multiple vulnerabilities in Intel PROSet/Wireless WiFi and Killer WiFi



Risk: Medium
Patch available: YES
Number of vulnerabilities: 7
CVE-ID: CVE-2024-41168, CVE-2024-39356, CVE-2024-39606, CVE-2024-40887, CVE-2024-41166, CVE-2024-36285, CVE-2024-39271
CWE-ID: CWE-416, CWE-476, CWE-20, CWE-362, CWE-121, CWE-923
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software
Intel Wi-Fi 7 BE200
Hardware solutions / Firmware

Intel Wi-Fi 7 BE201
Hardware solutions / Firmware

Intel Killer Wi-Fi 7 BE1750
Hardware solutions / Firmware

Intel Wi-Fi 7 BE202
Hardware solutions / Firmware

Intel Wi-Fi 6 AX200
Hardware solutions / Firmware

Intel Killer Wi-Fi 6 1650x/w2
Hardware solutions / Firmware

Intel Wi-Fi 6E AX210
Hardware solutions / Firmware

Intel Killer Wi-Fi 6E 1675x/w2
Hardware solutions / Firmware

Intel Wi-Fi 6E AX211
Hardware solutions / Firmware

Intel Killer Wi-Fi 6E 1675i/s2
Hardware solutions / Firmware

Intel Wi-Fi 6 AX201
Hardware solutions / Firmware

Intel Killer Wi-Fi 6 1650i/s2
Hardware solutions / Firmware

Intel Killer Wi-Fi 7 1750x/w2
Hardware solutions / Firmware

Intel Killer Wi-Fi 7 1750i/s2
Hardware solutions / Firmware

Intel Wireless-AC 9260
Hardware solutions / Firmware

Intel Killer Wi-Fi 1550x/w2
Hardware solutions / Firmware

Intel Wireless-AC 9560
Hardware solutions / Firmware

Intel Killer Wi-Fi 1550i/s2
Hardware solutions / Firmware

Intel Killer Wi-Fi 1650x/w2
Hardware solutions / Firmware

Intel Killer Wi-Fi 1675x/w2
Hardware solutions / Firmware

Intel Killer Wi-Fi 1675i/s2
Hardware solutions / Firmware

Intel Killer Wi-Fi 1650i/s2
Hardware solutions / Firmware

Intel Killer Wi-Fi 1750x/w2
Hardware solutions / Firmware

Intel Killer Wi-Fi 1750i/s2
Hardware solutions / Firmware

Intel PROSet/Wireless WiFi Software for Windows
Hardware solutions / Drivers

Vendor Intel

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU104130

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-41168

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error. A remote attacker on the local network can cause a denial of service condition on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel Wi-Fi 7 BE200: All versions

Intel Wi-Fi 7 BE201: All versions

Intel Killer Wi-Fi 7 BE1750: All versions

Intel Wi-Fi 7 BE202: All versions

Intel PROSet/Wireless WiFi Software for Windows: before 23.80

External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01224.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU104131

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-39356

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker on the local network can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel Wi-Fi 6 AX200: All versions

Intel Killer Wi-Fi 6 1650x/w2: All versions

Intel Wi-Fi 6E AX210: All versions

Intel Killer Wi-Fi 6E 1675x/w2: All versions

Intel Wi-Fi 6E AX211: All versions

Intel Killer Wi-Fi 6E 1675i/s2: All versions

Intel Wi-Fi 6 AX201: All versions

Intel Killer Wi-Fi 6 1650i/s2: All versions

Intel Wi-Fi 7 BE200: All versions

Intel Killer Wi-Fi 7 1750x/w2: All versions

Intel Wi-Fi 7 BE201: All versions

Intel Killer Wi-Fi 7 1750i/s2: All versions

Intel Wi-Fi 7 BE202: All versions

Intel PROSet/Wireless WiFi Software for Windows: before 23.80

External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01224.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU104132

Risk: Medium

CVSSv4.0: 2.3 [CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-39606

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel Wi-Fi 7 BE200: All versions

Intel Wi-Fi 7 BE201: All versions

Intel Killer Wi-Fi 7 BE1750: All versions

Intel Wi-Fi 7 BE202: All versions

Intel PROSet/Wireless WiFi Software for Windows: before 23.80

External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01224.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Race condition

EUVDB-ID: #VU104133

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40887

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition. A remote attacker on the local network can exploit the race and cause a denial of service condition on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel Wi-Fi 7 BE200: All versions

Intel Wi-Fi 7 BE201: All versions

Intel Killer Wi-Fi 7 BE1750: All versions

Intel Wi-Fi 7 BE202: All versions

Intel PROSet/Wireless WiFi Software for Windows: before 23.80

External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01224.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Stack-based buffer overflow

EUVDB-ID: #VU104134

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41166

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A remote attacker on the local network can trigger a stack-based buffer overflow and cause a denial of service condition on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel Wi-Fi 7 BE200: All versions

Intel Wi-Fi 7 BE201: All versions

Intel Killer Wi-Fi 7 BE1750: All versions

Intel PROSet/Wireless WiFi Software for Windows: before 23.80

External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01224.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Race condition

EUVDB-ID: #VU104135

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36285

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition. A local user can exploit the race and cause a denial of service condition on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel Wi-Fi 7 BE200: All versions

Intel Wi-Fi 7 BE201: All versions

Intel Killer Wi-Fi 7 BE1750: All versions

Intel Wi-Fi 7 BE202: All versions

Intel PROSet/Wireless WiFi Software for Windows: before 23.80

External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01224.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper restriction of communication channel to intended endpoints

EUVDB-ID: #VU104136

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39271

CWE-ID: CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper restriction of a communication channel to intended endpoints. A remote attacker on the local network can gain access to sensitive information on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel Wireless-AC 9260: All versions

Intel Killer Wi-Fi 1550x/w2: All versions

Intel Wireless-AC 9560: All versions

Intel Killer Wi-Fi 1550i/s2: All versions

Intel Wi-Fi 6 AX200: All versions

Intel Killer Wi-Fi 1650x/w2: All versions

Intel Wi-Fi 6E AX210: All versions

Intel Killer Wi-Fi 1675x/w2: All versions

Intel Wi-Fi 6E AX211: All versions

Intel Killer Wi-Fi 1675i/s2: All versions

Intel Wi-Fi 6 AX201: All versions

Intel Killer Wi-Fi 1650i/s2: All versions

Intel Wi-Fi 7 BE200: All versions

Intel Killer Wi-Fi 1750x/w2: All versions

Intel Wi-Fi 7 BE201: All versions

Intel Killer Wi-Fi 1750i/s2: All versions

Intel Wi-Fi 7 BE202: All versions

Intel PROSet/Wireless WiFi Software for Windows: before 23.80

External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01224.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


