CVE-2025-34148

Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via WISP SSID

CVSS 9.4 CRITICALEPSS 1.3%CWE-78

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). When configuring the device in WISP mode, the 'ssid' parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject arbitrary shell commands that execute as root, resulting in full device compromise.

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected products

Shenzhen Aitemi E Commerce Co. Ltd. · M300 Wi-Fi Repeater

public PoCs found — 1

cve_referencechocapikk.com/posts/2025/when-a-wifi-name-gives-you-root-part-two/unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://chocapikk.com/posts/2025/when-a-wifi-name-gives-you-root-part-two/https://www.aliexpress.us/item/3256806767641280.html https://www.vulncheck.com/advisories/shenzhen-aitemi-m300-wifi-repeater-os-command-injection-via-wisp-ssid