CVE-2025-34147

Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via SSID

CVSS 9.4 CRITICALEPSS 1.1%CWE-78

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). When configuring the device in Extender mode via its captive portal, the extap2g SSID field is inserted unescaped into a reboot-time shell script. This allows remote attackers within Wi-Fi range to inject arbitrary shell commands that execute as root during device reboot, leading to full system compromise.

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected products

Shenzhen Aitemi E Commerce Co. Ltd. · M300 Wi-Fi Repeater

public PoCs found — 1

cve_referencechocapikk.com/posts/2025/when-a-wifi-name-gives-you-root/unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://chocapikk.com/posts/2025/when-a-wifi-name-gives-you-root/https://www.aliexpress.us/item/3256806767641280.html https://www.vulncheck.com/advisories/shenzhen-aitemi-m300-wifi-repeater-os-command-injection-via-ssid