wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15362
Reference (s):
- https://github.com/thingsSDK/wifiscanner/issues/1