CVE-2018-3649
HIGHIntel Wireless Drivers < 20.20.2.2 - DLL Injection via Autorun.exe and Setup.exe
Title source: llmDescription
DLL injection vulnerability in the installation executables (Autorun.exe and Setup.exe) for Intel's wireless drivers and related software in Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC family of products allows a local attacker to cause escalation of privilege via remote code execution.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00126.html
Scores
CVSS v3
7.8
EPSS
0.0016
EPSS Percentile
36.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (18)
intel/dual_band_wireless-ac_3160
< 20.20.2.2
intel/dual_band_wireless-ac_3165
< 20.20.2.2
intel/dual_band_wireless-ac_3168
< 20.20.2.2
intel/dual_band_wireless-ac_7260
< 20.20.2.2
intel/dual_band_wireless-ac_7265
< 20.20.2.2
intel/dual_band_wireless-ac_8260
< 20.20.2.2
intel/dual_band_wireless-ac_8265
< 20.20.2.2
intel/dual_band_wireless-n_7260
< 20.20.2.2
intel/dual_band_wireless-n_7265
< 20.20.2.2
intel/tri-band_wireless-ac_17265
< 20.20.2.2
... and 8 more
Published
May 10, 2018
Tracked Since
Feb 18, 2026