CVE-2025-34152

CRITICAL EXPLOITED NUCLEI

Shenzhen Aitemi M300 Wi-Fi Repeater - Command Injection

Title source: llm

Description

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike other injection points, this vector allows remote compromise without triggering visible configuration changes.

Exploits (3)

nomisec WORKING POC 4 stars

by Chocapikk · remote

https://github.com/Chocapikk/CVE-2025-34152

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by kh4sh3i · remote

https://github.com/kh4sh3i/CVE-2025-34152

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by Valentin Lobstein · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/aitemi_m300_time_rce.rb

View Code ZIP pw:eip

Nuclei Templates (1)

Shenzhen Aitemi M300 Wi-Fi Repeater – Unauthenticated Remote Command Execution via `time` Parameter

CRITICALVERIFIEDby Chocapikk,DhiyaneshDk

Shodan: http.favicon.hash:-741058468 "lighttpd/1.4.32"

FOFA: icon_hash="-741058468" && server=="lighttpd/1.4.32"

References (3)

[Various Sources] https://chocapikk.com/posts/2025/when-a-wifi-name-gives-you-root-part-two/

[Various Sources] https://www.aliexpress.us/item/3256806767641280.html

[Third Party Advisory] https://www.vulncheck.com/advisories/shenzhen-aitemi-m300-wifi-repeater-os-command-injection-via-time-parameter

Scores

CVSS v4 9.4

EPSS 0.1553

EPSS Percentile 94.7%

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Details

VulnCheck KEV 2025-09-15

CWE

CWE-78

Status published

Products (1)

Shenzhen Aitemi E Commerce Co. Ltd./M300 Wi-Fi Repeater

Published Aug 07, 2025

Tracked Since Feb 18, 2026