CVE-2018-3649
First published: Wed May 02 2018(Updated: )
DLL injection vulnerability in the installation executables (Autorun.exe and Setup.exe) for Intel's wireless drivers and related software in Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC family of products allows a local attacker to cause escalation of privilege via remote code execution.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intel Dual Band Wireless-ac 3160 | <20.20.2.2 | |
| Intel Dual Band Wireless-ac 3160 | ||
| Intel Dual Band Wireless-ac 7260 | <20.20.2.2 | |
| Intel Dual Band Wireless-ac 7260 | ||
| Intel Dual Band Wireless-n 7260 | <20.20.2.2 | |
| Intel Dual Band Wireless-n 7260 | ||
| Intel Wireless-n 7260 | <20.20.2.2 | |
| Intel Wireless-n 7260 | ||
| Intel Dual Band Wireless-ac 7265 | <20.20.2.2 | |
| Intel Dual Band Wireless-ac 7265 | ||
| Intel Dual Band Wireless-n 7265 | <20.20.2.2 | |
| Intel Dual Band Wireless-n 7265 | ||
| Intel Wireless-n 7265 | <20.20.2.2 | |
| Intel Wireless-n 7265 | ||
| Intel Dual Band Wireless-ac 3165 | <20.20.2.2 | |
| Intel Dual Band Wireless-ac 3165 | ||
| Intel Dual Band Wireless-ac 3168 | <20.20.2.2 | |
| Intel Dual Band Wireless-ac 3168 | ||
| Intel Tri-band Wireless-ac 17265 | <20.20.2.2 | |
| Intel Tri-band Wireless-ac 17265 | ||
| Intel Dual Band Wireless-ac 8260 | <20.20.2.2 | |
| Intel Dual Band Wireless-ac 8260 | ||
| Intel Tri-band Wireless-ac 18260 | <20.20.2.2 | |
| Intel Tri-band Wireless-ac 18260 | ||
| Intel Dual Band Wireless-ac 8265 | <20.20.2.2 | |
| Intel Dual Band Wireless-ac 8265 | ||
| Intel Tri-band Wireless-ac 18265 | <20.20.2.2 | |
| Intel Tri-band Wireless-ac 18265 | ||
| Intel Wireless-ac 9260 | <20.20.2.2 | |
| Intel Wireless-ac 9260 | ||
| Intel Wireless-ac 9560 | <20.20.2.2 | |
| Intel Wireless-ac 9560 | ||
| Intel Wireless-ac 9461 | <20.20.2.2 | |
| Intel Wireless-ac 9461 | ||
| Intel Wireless-ac 9462 | <20.20.2.2 | |
| Intel Wireless-ac 9462 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this security vulnerability?
The vulnerability ID of this security vulnerability is CVE-2018-3649.
What is the severity of CVE-2018-3649?
The severity of CVE-2018-3649 is high with a severity value of 7.8.
Which software is affected by CVE-2018-3649?
The affected software includes Intel Dual Band Wireless-AC, Tri-Band Wireless-AC, and Wireless-AC family of products.
How can this vulnerability be exploited?
The vulnerability can be exploited through DLL injection in Intel's wireless drivers and related software installation executables (Autorun.exe and Setup.exe).
Is there a fix available for CVE-2018-3649?
Yes, Intel has released a security advisory and provided mitigations for this vulnerability. Please refer to the reference link for more information.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/event
- agent/type
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/intel
- canonical/intel dual band wireless-ac 3160
- canonical/intel dual band wireless-ac 7260
- canonical/intel dual band wireless-n 7260
- canonical/intel wireless-n 7260
- canonical/intel dual band wireless-ac 7265
- canonical/intel dual band wireless-n 7265
- canonical/intel wireless-n 7265
- canonical/intel dual band wireless-ac 3165
- canonical/intel dual band wireless-ac 3168
- canonical/intel tri-band wireless-ac 17265
- canonical/intel dual band wireless-ac 8260
- canonical/intel tri-band wireless-ac 18260
- canonical/intel dual band wireless-ac 8265
- canonical/intel tri-band wireless-ac 18265
- canonical/intel wireless-ac 9260
- canonical/intel wireless-ac 9560
- canonical/intel wireless-ac 9461
- canonical/intel wireless-ac 9462