Intel Ax201 Firmware vulnerabilities

CVE-2021-33113 [HIGH] CWE-20 CVE-2021-33113: Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and K Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.

CVE-2021-33110 [MEDIUM] CWE-20 CVE-2021-33110: Improper input validation for some Intel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth( Improper input validation for some Intel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth(R) products in Windows 10 and 11 before version 22.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVE-2021-33139 [MEDIUM] CWE-754 CVE-2021-33139: Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetoo Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access.

CVE-2021-33155 [MEDIUM] CWE-20 CVE-2021-33155: Improper input validation in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetoo Improper input validation in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access.

CVE-2021-33114 [MEDIUM] CWE-20 CVE-2021-33114: Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and K Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 may allow an authenticated user to potentially enable denial of service via adjacent access.

CVE-2021-0065 [HIGH] CWE-276 CVE-2021-0065: Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2021-0082 [HIGH] CWE-427 CVE-2021-0082: Uncontrolled search path in software installer for Intel(R) PROSet/Wireless WiFi in Windows 10 may a Uncontrolled search path in software installer for Intel(R) PROSet/Wireless WiFi in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2021-0064 [HIGH] CWE-732 CVE-2021-0064: Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 1 Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2021-0078 [HIGH] CWE-20 CVE-2021-0078: Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.

CVE-2021-0151 [HIGH] CVE-2021-0151: Improper access control in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Blue Improper access control in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2021-0071 [HIGH] CWE-20 CVE-2021-0071: Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an un Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVE-2021-0069 [MEDIUM] CWE-20 CVE-2021-0069: Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating s Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVE-2021-0063 [MEDIUM] CWE-20 CVE-2021-0063: Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVE-2021-0152 [MEDIUM] CWE-347 CVE-2021-0152: Improper verification of cryptographic signature in the installer for some Intel(R) Wireless Bluetoo Improper verification of cryptographic signature in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable denial of service via local access.

CVE-2021-0053 [MEDIUM] CWE-665 CVE-2021-0053: Improper initialization in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Wi Improper initialization in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an authenticated user to potentially enable information disclosure via adjacent access.

CVE-2021-0079 [MEDIUM] CWE-20 CVE-2021-0079: Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVE-2021-0075 [MEDIUM] CWE-787 CVE-2021-0075: Out-of-bounds write in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems Out-of-bounds write in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow a privileged user to potentially enable denial of service via local access.

CVE-2020-24586 [LOW] CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary

CVE-2020-0569 [MEDIUM] CWE-787 CVE-2020-0569: Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticat Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.

CVE-2020-0554 [HIGH] CWE-362 CVE-2020-0554: Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local access.