CVE-2023-42810
published 2023-09-21CVE-2023-42810: systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed…
PriorityP359critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.84%
76.3th percentile
systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only).
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sebhildebrandt | systeminformation | — | — |
| systeminformation | systeminformation | >= 5.0.0 < 5.21.7 | 5.21.7 |
| systeminformation | systeminformation | >= 5.0.0 < 5.21.7 | 5.21.7 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
systeminformation SSID Command Injection Vulnerability
osv·2023-09-21
CVE-2023-42810 [CRITICAL] systeminformation SSID Command Injection Vulnerability
systeminformation SSID Command Injection Vulnerability
### Impact
SSID Command Injection Vulnerability
### Patches
Problem was fixed with a parameter check. Please upgrade to version >= 5.21.7, Version 4 was not affected
### Workarounds
If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to wifiConnections(), wifiNetworks() (string only)
### References
See also https://systeminformation.io/security.html
GHSA
systeminformation SSID Command Injection Vulnerability
ghsa·2023-09-21
CVE-2023-42810 [CRITICAL] CWE-77 systeminformation SSID Command Injection Vulnerability
systeminformation SSID Command Injection Vulnerability
### Impact
SSID Command Injection Vulnerability
### Patches
Problem was fixed with a parameter check. Please upgrade to version >= 5.21.7, Version 4 was not affected
### Workarounds
If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to wifiConnections(), wifiNetworks() (string only)
### References
See also https://systeminformation.io/security.html
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/sebhildebrandt/systeminformation/commit/7972565812ccb2a610a22911c54c3446f4171392https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-gx6r-qc2v-3p3vhttps://systeminformation.io/security.htmlhttps://github.com/sebhildebrandt/systeminformation/commit/7972565812ccb2a610a22911c54c3446f4171392https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-gx6r-qc2v-3p3vhttps://systeminformation.io/security.html
2023-09-21
Published