CVE-2021-0072 in PROSet
Summary
by MITRE • 02/10/2022
Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable information disclosure via local access.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 08/24/2025
This vulnerability resides in the firmware components of Intel PROSet/Wireless Wi-Fi drivers and certain Killer Wi-Fi implementations running on Windows 10 and 11 operating systems. The core issue stems from inadequate input validation mechanisms within the wireless driver firmware that processes user-supplied data during configuration operations. When a privileged user executes specific commands or inputs malformed data through the wireless management interface, the system fails to properly validate the incoming parameters before processing them. This weakness creates an information disclosure pathway that allows an attacker with local administrative privileges to extract sensitive data from the wireless driver's memory space or configuration structures.
The technical flaw manifests as a classic buffer over-read condition combined with insufficient parameter sanitization. When the firmware receives input from the management application, it does not adequately verify the length, format, or content of the data before attempting to parse or store it. This allows an authenticated user to craft malicious inputs that cause the driver to read beyond allocated memory boundaries or access protected configuration parameters. The vulnerability specifically affects the wireless network configuration interfaces where users can modify network settings, connection profiles, or security parameters through the graphical management console or command-line utilities.
From an operational perspective, this vulnerability represents a significant risk to enterprise environments where privileged users may have elevated access to wireless network configurations. The local access requirement means that an attacker must already possess administrative credentials on the target system, but this privilege escalation path can be leveraged in combination with other attack vectors. The information disclosure impacts include potential exposure of wireless network credentials, configuration parameters, encryption keys, or system identifiers that could facilitate further attacks. This vulnerability aligns with CWE-20, which covers improper input validation, and demonstrates the risks associated with insufficient sanitization of user inputs in firmware components.
The attack surface extends beyond simple information disclosure to potentially enable more sophisticated attacks such as privilege escalation or lateral movement within a network. Security professionals should consider this vulnerability in the context of ATT&CK framework's T1059.001 (Command and Scripting Interpreter) and T1566 (Phishing) techniques, as an attacker could use the information disclosed to craft more targeted attacks against other systems. Organizations should implement immediate mitigations including firmware updates from Intel and Killer, along with monitoring for anomalous configuration changes or unauthorized access attempts to wireless network settings. The vulnerability underscores the critical importance of firmware security validation and proper input sanitization in network driver implementations, particularly those handling sensitive wireless configuration data.