CVE-2022-25916: Snyk Vulnerability Database | Snyk

**Command Injection Affecting mt7688-wiscan package, versions **<0.8.3****

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

• Snyk ID SNYK-JS-MT7688WISCAN-3177394
• published 31 Jan 2023
• disclosed 20 Dec 2022
• credit JHU System Security Lab

How to fix?

Upgrade mt7688-wiscan to version 0.8.3 or higher.

Overview

Affected versions of this package are vulnerable to Command Injection due to improper input sanitization in the ‘wiscan.scan’ function.

PoC

var wiscan = require('mt7688-wiscan');
wiscan.scan(';touch EXPLOITED;#', function(){});