From 22242aa56188f2bffcbd7d265a11e1ebb808b460 Mon Sep 17 00:00:00 2001
From: Sebastian Hildebrandt <hildebrandt@plus-innovations.com>
Date: Sat, 14 Feb 2026 11:09:05 +0100
Subject: [PATCH] wifiNetworks() fixed CWE-78 command injection issue (linux)

---
 CHANGELOG.md       |  1 +
 README.md          |  2 +-
 docs/history.html  |  6 ++++++
 docs/index.html    |  6 +++---
 docs/security.html | 16 +++++++++++++++-
 lib/wifi.js        |  4 ++--
 6 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 90f6eb6..49c277d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -90,6 +90,7 @@ For major (breaking) changes - **version 4, 3 and 2** - see end of page.
 
 | Version | Date       | Comment                                                                                             |
 | ------- | ---------- | --------------------------------------------------------------------------------------------------- |
+| 5.30.8  | 2026-02-14 | `wifiNetworks()` fixed CWE-78 command injection issue (linux)                                       |
 | 5.30.7  | 2026-01-31 | `networkInterfaces()` fixed getWindowsIEEE8021x issue (windows)                                     |
 | 5.30.6  | 2026-01-22 | `graphics()` improved nvidia-smi detection (windows)                                                |
 | 5.30.5  | 2026-01-16 | `networkInterfaces()` fix uppercase iface names (linux)                                             |
diff --git a/README.md b/README.md
index 03151f4..3c46c59 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@
 ## The Systeminformation Project
 
 This is amazing. Started as a small project just for myself, it now has > 19,000
-lines of code, > 700 versions published, up to 15 mio downloads per month, > 450
+lines of code, > 700 versions published, up to 20 mio downloads per month, > 480
 mio downloads overall. Top 10 NPM ranking for backend packages. Thank you to all
 who contributed to this project!
 
diff --git a/docs/history.html b/docs/history.html
index b09689e..a17d5c3 100644
--- a/docs/history.html
+++ b/docs/history.html
@@ -57,6 +57,12 @@
                     </tr>
                   </thead>
                   <tbody>
+                    <tr>
+                      <th scope="row">5.30.8
+                      </th>
+                      <td>2026-02-14</td>
+                      <td><span class="code">wifiNetworks()</span> fixed CWE-78 command injection issue (linux)</td>
+                    </tr>
                     <tr>
                       <th scope="row">5.30.7
                       </th>
diff --git a/docs/index.html b/docs/index.html
index 0546942..5fe6ee6 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -166,11 +166,11 @@
 <body>
   <header class="bg-image-full">
     <div class="top-container">
-      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.27.14</a>
+      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.30.8</a>
       <img class="logo" src="assets/logo.png" alt="logo">
       <div class="title">systeminformation</div>
       <div class="subtitle"><span id="typed"></span>&nbsp;</div>
-      <div class="version">New Version: <span id="version">5.30.7</span></div>
+      <div class="version">New Version: <span id="version">5.30.8</span></div>
       <button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
     </div>
     <div class="down">
@@ -212,7 +212,7 @@
           <div class="title">Downloads last month</div>
         </div>
         <div class="col-xl-4 col-lg-4 col-md-4 col-12">
-          <div class="numbers">957</div>
+          <div class="numbers">969</div>
           <div class="title">Dependents</div>
         </div>
       </div>
diff --git a/docs/security.html b/docs/security.html
index 85feb74..30e7a22 100644
--- a/docs/security.html
+++ b/docs/security.html
@@ -44,6 +44,21 @@
             <div class="col-12 sectionheader">
               <div class="title">Security Advisories</div>
               <div class="text">
+                <h2>wifiNetworks Command Injection Vulnerability</h2>
+                <p><span class="bold">Affected versions:</span>
+                  &lt; 5.30.8<br>
+                  <span class="bold">Date:</span> 2026-02-14<br>
+                  <span class="bold">CVE indentifier</span> ...
+                </p>
+
+                <h4>Impact</h4>
+                <p>We had an issue that there was a possibility to perform a potential command injection possibility by manipulating SSIDs in <span class="code">wifiNetworks()</span> on linux machines.</p>
+
+                <h4>Patch</h4>
+                <p>Problem was fixed with parameter checking. If you are using version 5, please upgrade to version >= 5.30.8.</p>
+                <hr>
+                <br>
+
                 <h2>fsSize Command Injection Vulnerability</h2>
                 <p><span class="bold">Affected versions:</span>
                   &lt; 5.27.14<br>
@@ -58,7 +73,6 @@
                 <p>Problem was fixed with parameter checking. If you are using version 5, please upgrade to version >= 5.27.14.</p>
                 <hr>
                 <br>
-
                 <h2>SSID Command Injection Vulnerability</h2>
                 <p><span class="bold">Affected versions:</span>
                   &lt; 5.23.7<br>
diff --git a/lib/wifi.js b/lib/wifi.js
index 0fd3a60..4920fe8 100644
--- a/lib/wifi.js
+++ b/lib/wifi.js
@@ -437,8 +437,8 @@ function wifiNetworks(callback) {
               const res = getWifiNetworkListIw(ifaceSanitized);
               if (res === -1) {
                 // try again after 4 secs
-                setTimeout((iface) => {
-                  const res = getWifiNetworkListIw(iface);
+                setTimeout(() => {
+                  const res = getWifiNetworkListIw(ifaceSanitized);
                   if (res !== -1) {
                     result = res;
                   }