wifiNetworks() fixed CWE-78 command injection issue (linux)

Sebastian Hildebrandt 2026-02-14 11:09:05 +01:00
parent 41c7ea4ff8
commit 22242aa561
6 changed files with 28 additions and 7 deletions

View File

@ -90,6 +90,7 @@ For major (breaking) changes - **version 4, 3 and 2** - see end of page.
| Version | Date | Comment | | Version | Date | Comment |
| ------- | ---------- | --------------------------------------------------------------------------------------------------- | | ------- | ---------- | --------------------------------------------------------------------------------------------------- |
| 5.30.8 | 2026-02-14 | `wifiNetworks()` fixed CWE-78 command injection issue (linux) |
| 5.30.7 | 2026-01-31 | `networkInterfaces()` fixed getWindowsIEEE8021x issue (windows) | | 5.30.7 | 2026-01-31 | `networkInterfaces()` fixed getWindowsIEEE8021x issue (windows) |
| 5.30.6 | 2026-01-22 | `graphics()` improved nvidia-smi detection (windows) | | 5.30.6 | 2026-01-22 | `graphics()` improved nvidia-smi detection (windows) |
| 5.30.5 | 2026-01-16 | `networkInterfaces()` fix uppercase iface names (linux) | | 5.30.5 | 2026-01-16 | `networkInterfaces()` fix uppercase iface names (linux) |

View File

@ -31,7 +31,7 @@
## The Systeminformation Project ## The Systeminformation Project
This is amazing. Started as a small project just for myself, it now has > 19,000 This is amazing. Started as a small project just for myself, it now has > 19,000
lines of code, > 700 versions published, up to 15 mio downloads per month, > 450 lines of code, > 700 versions published, up to 20 mio downloads per month, > 480
mio downloads overall. Top 10 NPM ranking for backend packages. Thank you to all mio downloads overall. Top 10 NPM ranking for backend packages. Thank you to all
who contributed to this project! who contributed to this project!

View File

@ -57,6 +57,12 @@
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<tr>
<th scope="row">5.30.8
</th>
<td>2026-02-14</td>
<td><span class="code">wifiNetworks()</span> fixed CWE-78 command injection issue (linux)</td>
</tr>
<tr> <tr>
<th scope="row">5.30.7 <th scope="row">5.30.7
</th> </th>

View File

@ -166,11 +166,11 @@
<body> <body>
<header class="bg-image-full"> <header class="bg-image-full">
<div class="top-container"> <div class="top-container">
<a href="security.html" class="recommendation">Security advisory:<br>Update to v5.27.14</a> <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.30.8</a>
<img class="logo" src="assets/logo.png" alt="logo"> <img class="logo" src="assets/logo.png" alt="logo">
<div class="title">systeminformation</div> <div class="title">systeminformation</div>
<div class="subtitle"><span id="typed"></span>&nbsp;</div> <div class="subtitle"><span id="typed"></span>&nbsp;</div>
<div class="version">New Version: <span id="version">5.30.7</span></div> <div class="version">New Version: <span id="version">5.30.8</span></div>
<button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button> <button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
</div> </div>
<div class="down"> <div class="down">
@ -212,7 +212,7 @@
<div class="title">Downloads last month</div> <div class="title">Downloads last month</div>
</div> </div>
<div class="col-xl-4 col-lg-4 col-md-4 col-12"> <div class="col-xl-4 col-lg-4 col-md-4 col-12">
<div class="numbers">957</div> <div class="numbers">969</div>
<div class="title">Dependents</div> <div class="title">Dependents</div>
</div> </div>
</div> </div>

View File

@ -44,6 +44,21 @@
<div class="col-12 sectionheader"> <div class="col-12 sectionheader">
<div class="title">Security Advisories</div> <div class="title">Security Advisories</div>
<div class="text"> <div class="text">
<h2>wifiNetworks Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
&lt; 5.30.8<br>
<span class="bold">Date:</span> 2026-02-14<br>
<span class="bold">CVE indentifier</span> ...
</p>
<h4>Impact</h4>
<p>We had an issue that there was a possibility to perform a potential command injection possibility by manipulating SSIDs in <span class="code">wifiNetworks()</span> on linux machines.</p>
<h4>Patch</h4>
<p>Problem was fixed with parameter checking. If you are using version 5, please upgrade to version >= 5.30.8.</p>
<hr>
<br>
<h2>fsSize Command Injection Vulnerability</h2> <h2>fsSize Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span> <p><span class="bold">Affected versions:</span>
&lt; 5.27.14<br> &lt; 5.27.14<br>
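Review bot: The new advisory entry ships with a typo and an unfilled field in its header: "CVE indentifier" should read "CVE identifier", and the value is left as "...", so readers and scanners have nothing to match against. Either fill it in once an ID is assigned or state that one is pending. The Impact sentence ("a possibility to perform a potential command injection possibility") is also redundant and could simply say that a manipulated value reaching `wifiNetworks()` on Linux could lead to command injection. It names SSIDs as the manipulated input, while the only code hunk shown in this commit changes the interface argument of the retry call to `ifaceSanitized`. Please confirm the advisory names the input that was actually unsanitized, and consider saying what "parameter checking" rejects so users can judge their exposure.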
@ -58,7 +73,6 @@
<p>Problem was fixed with parameter checking. If you are using version 5, please upgrade to version >= 5.27.14.</p> <p>Problem was fixed with parameter checking. If you are using version 5, please upgrade to version >= 5.27.14.</p>
<hr> <hr>
<br> <br>
<h2>SSID Command Injection Vulnerability</h2> <h2>SSID Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span> <p><span class="bold">Affected versions:</span>
&lt; 5.23.7<br> &lt; 5.23.7<br>

View File

@ -437,8 +437,8 @@ function wifiNetworks(callback) {
const res = getWifiNetworkListIw(ifaceSanitized); const res = getWifiNetworkListIw(ifaceSanitized);
if (res === -1) { if (res === -1) {
// try again after 4 secs // try again after 4 secs
setTimeout((iface) => { setTimeout(() => {
const res = getWifiNetworkListIw(iface); const res = getWifiNetworkListIw(ifaceSanitized);
if (res !== -1) { if (res !== -1) {
result = res; result = res;
} }
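Review bot: The retry callback now reads `ifaceSanitized` from the enclosing scope, but sanitization still lives only at the call sites, so any future caller of `getWifiNetworkListIw()` can reintroduce the same injection by passing a raw name. Consider validating the interface argument inside `getWifiNetworkListIw()` itself, or building the command with an argument array instead of a shell string, so the function is safe regardless of what it is handed. Inside the callback, `const res` shadows the outer `const res` declared just above the `if (res === -1)` check. A distinct name for the retry result would make the retry path easier to read. No test is visible in this commit; a regression test that feeds an interface name containing shell metacharacters through both the first call and the 4-second retry would keep this path from regressing.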