
188 matches found

Veracode
added 2025/01/02 9:49 a.m. · 12 views

Remote Code Execution (RCE)

systeminformation is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper sanitization of SSIDs before they are passed to cmd.exe in the getWindowsIEEE8021x function, which allows potentially malicious SSID content to be executed as OS commands, leading to remote code execution...

7.8 CVSS · 8.6 AI score · 0.00698 EPSS
Exploits 0 · References 2 · Affected Software 1

SUSE CVE
added 2024/12/27 12:16 a.m. · 2 views

SUSE CVE-2024-56334

systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...

7.8 CVSS · 8.7 AI score · 0.00698 EPSS
Exploits 0 · References 3

RedhatCVE
added 2024/12/25 4:0 p.m. · 12 views

CVE-2024-56334

A flaw was found in the systeminformation library for Node.js. In Windows systems, the SSID parameter of the getWindowsIEEE8021x function is not sanitized before it is passed to cmd.exe. This may allow a remote attacker to execute arbitrary commands on the target system. Mitigation Mitigation for...

8 CVSS · 7.8 AI score · 0.00698 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2024/12/24 12:0 a.m. · 2 views

The vulnerability of the getWindowsIEEE8021x function in the npm systeminformation package of the Node.js software platform allows a perpetrator to escalate their privileges and execute arbitrary commands.

The vulnerability of the getWindowsIEEE8021x function in the npm systeminformation package of the Node.js software platform is related to improper code generation during the processing of SSID identifiers. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute...

7.8 CVSS · 7.8 AI score · 0.00698 EPSS
Exploits 0 · References 4 · Affected Software 1

NVD
added 2024/12/20 9:15 p.m. · 16 views

CVE-2024-56334

systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...

7.8 CVSS · 0.00698 EPSS
Exploits 0 · References 2

OSV
added 2024/12/20 9:15 p.m. · 3 views

DEBIAN-CVE-2024-56334

systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...

7.8 CVSS · 7.7 AI score · 0.00698 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/12/20 8:10 p.m. · 8 views

CVE-2024-56334 Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation

systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...

7.8 CVSS · 7.4 AI score · 0.00698 EPSS
Exploits 0 · References 2

CVE
added 2024/12/20 8:10 p.m. · 128 views

CVE-2024-56334

The CVE-2024-56334 issue affects the Node.js library systeminformation. Affected versions permit SSIDs to be passed unsafely to cmd.exe in getWindowsIEEE8021x, enabling potential remote code execution or local privilege escalation. The root cause is lack of sanitization of SSIDs before command ex...

7.8 CVSS · 7.9 AI score · 0.00698 EPSS
Exploits 0 · References 2

OSV
added 2024/12/20 8:10 p.m. · 9 views

CVE-2024-56334 Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation

systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...

7.8 CVSS · 8 AI score · 0.00698 EPSS
Exploits 0 · References 4

CNNVD
added 2024/12/20 12:0 a.m. · 2 views

systeminformation Code Injection Vulnerability

systeminformation is an Npm software library that can obtain information about the operating system. A code injection vulnerability exists in systeminformation version 5.23.6 and earlier. An attacker can exploit this vulnerability to remotely execute code or elevate privileges...

7.8 CVSS · 8.2 AI score · 0.00698 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/12/09 12:0 a.m. · 2 views

PT-2024-9749

Name of the Vulnerable Software and Affected Versions: systeminformation versions prior to 5.23.7 Description: The issue is related to the getWindowsIEEE8021x function in the systeminformation library for node.js, where SSIDs are not sanitized before being passed as a parameter to cmd.exe. This...

7.8 CVSS · 6.2 AI score · 0.00698 EPSS
Exploits 0 · References 26

OSV
added 2023/09/21 6:15 p.m. · 2 views

DEBIAN-CVE-2023-42810

systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have an SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to wifiConnections,...

9.8 CVSS · 7.3 AI score · 0.01837 EPSS
Exploits 0 · References 1

vulnersOsv
added 2023/09/21 5:15 p.m. · 2 views

@alwaysai/device-agent (>=0.0.1-2.1-beta-provision <=2.1.3), @best/agent (>=7.0.1 <=12.0.0) +82 more potentially affected by CVE-2023-42810 via systeminformation (>=5.0.6 <=5.21.5)

systeminformation NPM version =5.0.6, =0.0.1-2.1-beta-provision, =7.0.1, =7.0.1, =6.1.4, =6.1.4, =6.1.4, =6.1.4, =7.0.1, =6.1.4, =6.1.4, =6.1.4, =6.1.4, =6.1.4, =6.1.4, =6.1.4, =12.0.0 and more Source cves: CVE-2023-42810 Source advisory: OSV:GHSA-GX6R-QC2V-3P3V...

9.8 CVSS · 7.2 AI score · 0.01837 EPSS
Exploits 0

OSV
added 2023/09/21 5:15 p.m. · 48 views

GHSA-GX6R-QC2V-3P3V systeminformation SSID Command Injection Vulnerability

Impact: SSID Command Injection Vulnerability. Patches: Problem was fixed with a parameter check. Please upgrade to version >= 5.21.7. Version 4 was not affected. Workarounds: If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to wifiConnections, wifiNetworks string on...

9.8 CVSS · 9.7 AI score · 0.01837 EPSS
Exploits 0 · References 5

Vulnrichment
added 2023/09/21 5:11 p.m. · 15 views

CVE-2023-42810 systeminformation SSID Command Injection Vulnerability

systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have an SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to wifiConnections,...

9.8 CVSS · 9.7 AI score · 0.01837 EPSS
Exploits 0 · References 3

Cvelist
added 2023/09/21 5:11 p.m. · 35 views

CVE-2023-42810 systeminformation SSID Command Injection Vulnerability

systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have an SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to wifiConnections,...

9.8 CVSS · 9.9 AI score · 0.01837 EPSS
Exploits 0 · References 3

CVE
added 2023/09/21 5:11 p.m. · 142 views

CVE-2023-42810

The CVE-2023-42810 vulnerability affects the Node.js library systeminformation. Versions 5.0.0 through 5.21.6 contain an SSID Command Injection flaw in wifiConnections() and wifiNetworks() that could allow an attacker to execute arbitrary commands. The issue is fixed in version 5.21.7 through a p...

9.8 CVSS · 9.7 AI score · 0.01837 EPSS
Exploits 0 · References 3 · Affected Software 1

Debian CVE
added 2023/09/21 5:11 p.m. · 4 views

CVE-2023-42810

systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have an SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to wifiConnections,...

9.8 CVSS · 5.8 AI score · 0.01837 EPSS
Exploits 0

CNNVD
added 2023/09/21 12:0 a.m. · 3 views

Systeminformation Command Injection Vulnerability

systeminformation is an Npm software library that can obtain operating system information. A command injection vulnerability exists in systeminformation versions 5.0.0 through 5.21.6, which stems from the presence of a command injection vulnerability...

9.8 CVSS · 7.6 AI score · 0.01837 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/09/21 12:0 a.m. · 3 views

PT-2023-28597 · Npm · Systeminformation

Name of the Vulnerable Software and Affected Versions: systeminformation versions 5.0.0 through 5.21.6 Description: The systeminformation library for Node.JS has an SSID Command Injection Vulnerability. This issue affects versions 5.0.0 through 5.21.6. The problem was fixed with a parameter check ...

9.8 CVSS · 9.6 AI score · 0.01837 EPSS
Exploits 0 · References 15