PT-2023-28597 · Npm · Systeminformation

Sebhildebrandt · Published 2023-09-21 · Updated 2023-09-25 · CVE-2023-42810

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

systeminformation versions 5.0.0 through 5.21.6

Description

The systeminformation library for Node.js has an SSID command injection vulnerability. This issue affects versions 5.0.0 through 5.21.6. The problem was fixed with a parameter check in version 5.21.7. The vulnerability can be exploited through the wifiConnections() and wifiNetworks() functions, specifically when passing string parameters. It is estimated that the library has 8 monthly downloads, potentially affecting a significant number of devices.

Recommendations

For versions 5.0.0 through 5.21.6, upgrade to version 5.21.7 or later to resolve the issue. As a temporary workaround for versions 5.0.0 through 5.21.6, check or sanitize the parameter strings that are passed to wifiConnections() and wifiNetworks() (strings only).
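
One way to apply the temporary workaround, as an added example that is not code from this advisory or from the systeminformation project. The helper names checkWifiParam and guardWifiCall, the allowed character set and the 32-character limit are assumptions made for illustration; the library function is passed in by the caller, so the block runs without the package installed.

```javascript
'use strict';

// Assumption: a conservative allowlist (letters, digits, space, dot,
// underscore, hyphen), 1 to 32 characters. Tighten or widen it to match
// the names that are legitimate in your environment.
const SAFE_PARAM = /^[A-Za-z0-9 ._-]{1,32}$/;

// Hypothetical helper: returns the value unchanged when it is acceptable,
// throws otherwise. Rejecting is safer than trying to strip characters.
function checkWifiParam(value) {
  // "String only": arrays and objects can slip past string-based checks.
  if (typeof value !== 'string') {
    throw new TypeError('wifi parameter must be a string');
  }
  if (!SAFE_PARAM.test(value)) {
    throw new RangeError('wifi parameter contains disallowed characters');
  }
  // A leading hyphen could be read as a command-line option downstream.
  if (value.startsWith('-')) {
    throw new RangeError('wifi parameter must not start with "-"');
  }
  return value;
}

// Hypothetical wrapper: validates every non-callback argument before the
// library function (fn) is invoked, so a rejected value never reaches it.
function guardWifiCall(fn, ...args) {
  for (const arg of args) {
    if (typeof arg !== 'function') checkWifiParam(arg);
  }
  return fn(...args);
}

// Constructed sample inputs: returns which ones the check accepts.
function auditParams(values) {
  return values.map((v) => {
    try { checkWifiParam(v); return true; } catch (e) { return false; }
  });
}

console.log(auditParams(['Office-WiFi_5G', 'guest net', 'lab;net', ['wlan0'], '']));
```

This is a stopgap for hosts that cannot yet move to 5.21.7 or later; upgrading remains the fix the advisory recommends.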

Exploit

Fix

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2023-42810
GHSA-GX6R-QC2V-3P3V

Affected Products

Systeminformation