CVE-2018-3649

HIGH

Intel Dual Band Wireless-ac 3160 - Uncontrolled Search Path

Title source: rule

Description

DLL injection vulnerability in the installation executables (Autorun.exe and Setup.exe) for Intel's wireless drivers and related software in Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC family of products allows a local attacker to cause escalation of privilege via remote code execution.

References (1)

[Vendor Advisory] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00126.html

Scores

CVSS v3 7.8

EPSS 0.0016

EPSS Percentile 36.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (18)

intel/dual_band_wireless-ac_3160 < 20.20.2.2

intel/dual_band_wireless-ac_7260 < 20.20.2.2

intel/dual_band_wireless-n_7260 < 20.20.2.2

intel/wireless-n_7260 < 20.20.2.2

intel/dual_band_wireless-ac_7265 < 20.20.2.2

intel/dual_band_wireless-n_7265 < 20.20.2.2

intel/wireless-n_7265 < 20.20.2.2

intel/dual_band_wireless-ac_3165 < 20.20.2.2

intel/dual_band_wireless-ac_3168 < 20.20.2.2

intel/tri-band_wireless-ac_17265 < 20.20.2.2

intel/dual_band_wireless-ac_8260 < 20.20.2.2

intel/tri-band_wireless-ac_18260 < 20.20.2.2

intel/dual_band_wireless-ac_8265 < 20.20.2.2

intel/tri-band_wireless-ac_18265 < 20.20.2.2

intel/wireless-ac_9260 < 20.20.2.2

... and 3 more

Timeline

Published May 10, 2018

Tracked Since Feb 18, 2026