CVE-2025-34150
CRITICALShenzhen Aitemi M300 Wi-Fi Repeater - Command Injection
Title source: llmDescription
The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges.
References (3)
Core 3
Core References
Various Sources technical-description
exploit
https://chocapikk.com/posts/2025/when-a-wifi-name-gives-you-root-part-two/
Various Sources product
https://www.aliexpress.us/item/3256806767641280.html
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/shenzhen-aitemi-m300-wifi-repeater-pppoe-username-command-injection
Scores
CVSS v4
9.4
EPSS
0.0139
EPSS Percentile
68.7%
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (1)
Shenzhen Aitemi E Commerce Co. Ltd./M300 Wi-Fi Repeater
Published
Aug 07, 2025
Tracked Since
Feb 18, 2026