Unknown · Systeminformation · CVE-2026-26280
**Name of the Vulnerable Software and Affected Versions**
systeminformation versions prior to 5.30.8
**Description**
The software contains a command injection vulnerability in the `wifiNetworks()` function. An attacker can execute arbitrary OS commands through a network interface parameter that is left unsanitized during a retry process. Specifically, `wifiNetworks()` sanitizes the `iface` parameter initially, but a subsequent retry call to `getWifiNetworkListIw(iface)` uses the original, unsanitized `iface` value, which is then passed directly to ``execSync(`iwlist ${iface} scan`)``. Any application that passes user-controlled input to `si.wifiNetworks()` is susceptible to arbitrary command execution with the privileges of the Node.js process. The vulnerable code is located in `lib/wifi.js`, lines 440-441.
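The sanitize-then-retry pattern described above, modeled as an added JavaScript example (constructed for illustration, not systeminformation's code). `sanitizeIface`, `scan`, the two `wifiNetworks*` variants and the recording `run` callback are hypothetical stand-ins, and no command is executed.

```javascript
// Constructed model of the flaw; every name below is hypothetical, not library code.
// `run` stands in for a shell-executing call such as execSync and only records
// the command string, so nothing is executed.

// Strip everything outside a conservative interface-name alphabet (assumed policy).
function sanitizeIface(iface) {
  return String(iface).replace(/[^A-Za-z0-9_.-]/g, '');
}

// Simulated scanner: the first attempt returns -1 ("busy") to force the retry path.
function scan(iface, run, state) {
  run(`iwlist ${iface} scan`);
  return state.attempts++ === 0 ? -1 : [];
}

// Vulnerable shape: the first call gets the sanitized copy, the retry gets the raw one.
function wifiNetworksVulnerable(iface, run) {
  const state = { attempts: 0 };
  const ifaceSanitized = sanitizeIface(iface);
  let res = scan(ifaceSanitized, run, state);
  if (res === -1) {
    res = scan(iface, run, state); // BUG: unsanitized value reaches the shell string
  }
  return res;
}

// Hardened shape: overwrite the parameter once so no later path can see raw input.
// Passing [iface, 'scan'] to execFileSync instead of a shell string would remove
// shell parsing altogether.
function wifiNetworksFixed(iface, run) {
  const state = { attempts: 0 };
  iface = sanitizeIface(iface);
  let res = scan(iface, run, state);
  if (res === -1) {
    res = scan(iface, run, state);
  }
  return res;
}

// Collect the command strings a variant would hand to the shell for one input.
function commandsFor(variant, iface) {
  const seen = [];
  variant(iface, (cmd) => seen.push(cmd));
  return seen;
}

// Constructed input with a harmless marker after the separator.
console.log(commandsFor(wifiNetworksVulnerable, 'wlan0; echo INJECTED'));
console.log(commandsFor(wifiNetworksFixed, 'wlan0; echo INJECTED'));
```

In the vulnerable variant only the second recorded command differs from the first, which is why testing the initial call alone does not reveal the problem.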
**Recommendations**
Versions prior to 5.30.8 should be updated to version 5.30.8 or later.