title: Windows Wi-Fi Driver Remote Code Execution via Adjacent Network (CVE-2024-30078)
id: df00tech-cve-2024-30078
status: experimental
description: "CVE-2024-30078 is a high-severity (CVSS 8.8) remote code execution vulnerability in the Windows Wi-Fi Driver. An unauthenticated attacker within Wi-Fi radio range of a target can execute arbitrary code on the victim's device by sending a specially crafted network packet. No user interaction is required. The attack vector is 'Adjacent Network' (AV:A), meaning the attacker must be on the same network segment or within Wi-Fi broadcast range. All supported Windows versions are affected (Windows 10, 11, Server 2008–2022). This vulnerability is particularly relevant for SMB environments where employees work in shared offices, co-working spaces, hotels, or coffee shops — any shared Wi-Fi environment with other devices in range becomes a potential attack surface. Despite no confirmed in-the-wild exploitation at time of disclosure, the lack of user interaction makes it a high-priority patch."
references:
  - https://attack.mitre.org/techniques/CVE-2024-30078/
  - https://df00tech.com/detections/CVE-2024-30078
author: df00tech
date: 2026/04/22
tags:
  - attack.cve-2024-30078
  - cve.2024-30078
# NOTE: logsource is auto-derived and may need adjustment for your environment
logsource:
  category: process_creation
  product: windows
detection:
  # This detection logic could not be auto-translated; see the KQL/SPL query on df00tech.
  selection:
    EventID: '*'
  condition: selection
falsepositives:
  - Wi-Fi provisioning services spawning helper processes during network profile management
  - Corporate Wi-Fi onboarding agents that run post-connection scripts
  - Windows WLAN AutoConfig service making cloud service connections for network intelligence
level: high