Xailuros

#32382 of 53,632
7.8 Total CVSS
Vulnerabilities · 1
PT-2024-9749
7.8
2024-12-09
Microsoft · Cmd.Exe · CVE-2024-56334
**Name of the Vulnerable Software and Affected Versions**

systeminformation versions prior to 5.23.7

**Description**

The issue is in the `getWindowsIEEE8021x` function of the systeminformation library for Node.js: on Windows, the SSID of a wireless network is interpolated into a command line that is handed to cmd.exe without being sanitized. Because an SSID is chosen by whoever operates the access point, not by the application, shell metacharacters placed in an SSID are interpreted by cmd.exe and executed as OS commands. Depending on how the package is used, this can give an attacker remote code execution or local privilege escalation. The vulnerability has been exploited in a real-world scenario to escalate privileges. Given how widely the package is used, a large number of Node.js deployments may be exposed.

**Recommendations**

Upgrade systeminformation to version 5.23.7 or later, which addresses the issue. Until the upgrade is applied, avoid calling `getWindowsIEEE8021x` (and any higher-level function that reaches it on Windows), since the SSID values it processes come from the wireless environment rather than from inputs the application can vet. Restricting which accounts can invoke `cmd.exe` reduces the impact but does not remove the injection.