wifiNetworks() fixed CWE-78 command injection issue (linux)

Author: sebhildebrandt

CHANGELOG.md

@@ -90,6 +90,7 @@ For major (breaking) changes - **version 4, 3 and 2** - see end of page.
 
 | Version | Date       | Comment                                                                                             |
 | ------- | ---------- | --------------------------------------------------------------------------------------------------- |
+| 5.30.8  | 2026-02-14 | `wifiNetworks()` fixed CWE-78 command injection issue (linux)                                       |
 | 5.30.7  | 2026-01-31 | `networkInterfaces()` fixed getWindowsIEEE8021x issue (windows)                                     |
 | 5.30.6  | 2026-01-22 | `graphics()` improved nvidia-smi detection (windows)                                                |
 | 5.30.5  | 2026-01-16 | `networkInterfaces()` fix uppercase iface names (linux)                                             |

README.md

@@ -31,7 +31,7 @@
 ## The Systeminformation Project
 
 This is amazing. Started as a small project just for myself, it now has > 19,000
-lines of code, > 700 versions published, up to 15 mio downloads per month, > 450
+lines of code, > 700 versions published, up to 20 mio downloads per month, > 480
 mio downloads overall. Top 10 NPM ranking for backend packages. Thank you to all
 who contributed to this project!
 

docs/history.html

@@ -57,6 +57,12 @@ <h3>Full version history</h3>
                     </tr>
                   </thead>
                   <tbody>
+                    <tr>
+                      <th scope="row">5.30.8
+                      </th>
+                      <td>2026-02-14</td>
+                      <td><span class="code">wifiNetworks()</span> fixed CWE-78 command injection issue (linux)</td>
+                    </tr>
                     <tr>
                       <th scope="row">5.30.7
                       </th>

docs/index.html

@@ -166,11 +166,11 @@
 <body>
   <header class="bg-image-full">
     <div class="top-container">
-      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.27.14</a>
+      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.30.8</a>
       <img class="logo" src="assets/logo.png" alt="logo">
       <div class="title">systeminformation</div>
       <div class="subtitle"><span id="typed"></span>&nbsp;</div>
-      <div class="version">New Version: <span id="version">5.30.7</span></div>
+      <div class="version">New Version: <span id="version">5.30.8</span></div>
       <button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
     </div>
     <div class="down">
@@ -212,7 +212,7 @@
           <div class="title">Downloads last month</div>
         </div>
         <div class="col-xl-4 col-lg-4 col-md-4 col-12">
-          <div class="numbers">957</div>
+          <div class="numbers">969</div>
           <div class="title">Dependents</div>
         </div>
       </div>

docs/security.html

@@ -44,6 +44,21 @@
             <div class="col-12 sectionheader">
               <div class="title">Security Advisories</div>
               <div class="text">
+                <h2>wifiNetworks Command Injection Vulnerability</h2>
+                <p><span class="bold">Affected versions:</span>
+                  &lt; 5.30.8<br>
+                  <span class="bold">Date:</span> 2026-02-14<br>
+                  <span class="bold">CVE indentifier</span> ...
+                </p>
+
+                <h4>Impact</h4>
+                <p>We had an issue that there was a possibility to perform a potential command injection possibility by manipulating SSIDs in <span class="code">wifiNetworks()</span> on linux machines.</p>
+
+                <h4>Patch</h4>
+                <p>Problem was fixed with parameter checking. If you are using version 5, please upgrade to version >= 5.30.8.</p>
+                <hr>
+                <br>
+
                 <h2>fsSize Command Injection Vulnerability</h2>
                 <p><span class="bold">Affected versions:</span>
                   &lt; 5.27.14<br>
@@ -58,7 +73,6 @@ <h4>Patch</h4>
                 <p>Problem was fixed with parameter checking. If you are using version 5, please upgrade to version >= 5.27.14.</p>
                 <hr>
                 <br>
-
                 <h2>SSID Command Injection Vulnerability</h2>
                 <p><span class="bold">Affected versions:</span>
                   &lt; 5.23.7<br>

lib/wifi.js

@@ -437,8 +437,8 @@ function wifiNetworks(callback) {
               const res = getWifiNetworkListIw(ifaceSanitized);
               if (res === -1) {
                 // try again after 4 secs
-                setTimeout((iface) => {
-                  const res = getWifiNetworkListIw(iface);
+                setTimeout(() => {
+                  const res = getWifiNetworkListIw(ifaceSanitized);
                   if (res !== -1) {
                     result = res;
                   }