CVE-2021-0170 in PROSet
Summary
by MITRE • 02/10/2022
Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local access.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 08/24/2025
This vulnerability affects Intel PROSet/Wireless Wi-Fi firmware and certain Killer Wi-Fi implementations running on Windows 10 and 11 operating systems. The flaw represents a critical information disclosure issue that arises from improper handling of sensitive data within the wireless network driver components. The vulnerability stems from the firmware's failure to adequately protect confidential information during local access scenarios, creating potential exposure pathways for unauthorized actors who have authenticated access to the system.
The technical implementation of this vulnerability resides in the wireless driver firmware where sensitive configuration parameters and network credentials may be accessible through improper access controls. Attackers with local authenticated access can exploit this weakness to extract confidential data that should remain protected within the system's memory spaces. This exposure occurs due to inadequate input validation and insufficient privilege separation mechanisms within the firmware components, allowing information leakage through direct memory access or API calls that should have been restricted to authorized processes only.
From an operational perspective, this vulnerability creates significant risk for enterprise environments where wireless network configurations contain sensitive organizational data including network authentication credentials, SSID information, and configuration parameters that could be leveraged for further attacks. The impact extends beyond simple information disclosure as the leaked data could potentially enable attackers to perform network reconnaissance, conduct man-in-the-middle attacks, or establish persistent access points within the network infrastructure. The vulnerability is particularly concerning because it operates at the firmware level, making detection and remediation more complex than typical software vulnerabilities.
The security implications align with CWE-200, which addresses improper exposure of sensitive information, and maps to ATT&CK technique T1082 for system information discovery and T1566 for credential access. Organizations should implement immediate mitigations including firmware updates from Intel and Killer, proper access controls, network segmentation, and monitoring for unauthorized local access attempts. Additionally, security teams should conduct thorough vulnerability assessments of wireless network components and implement network behavior analytics to detect anomalous access patterns that might indicate exploitation attempts. The recommended remediation approach includes applying vendor-provided firmware patches, disabling unnecessary wireless features, and maintaining strict access control policies for local system access.