CVE-2022-25916: Improper Neutralization of Special Elements used in a Command ('Command Injection')

February 1, 2023 (updated November 7, 2023)

Versions of the package mt7688-wiscan before 0.8.3 is vulnerable to Command Injection due to improper input sanitization in the ‘wiscan.scan’ function.

References

github.com/simenkid/mt7688-wiscan/blob/master/index.js%23L22
github.com/simenkid/mt7688-wiscan/commit/ff6d6567c65b4e972916a8fbc4533212f20a2fa5
nvd.nist.gov/vuln/detail/CVE-2022-25916
security.snyk.io/vuln/SNYK-JS-MT7688WISCAN-3177394

Detect and mitigate CVE-2022-25916 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →