OS Command Injection Vulnerability in Shenzhen Aitemi M300 Wi-Fi Repeater
CVE-2025-34148

9.4CRITICAL

Key Information:

Vendor

Shenzhen Aitemi E Commerce Co. Ltd.

Status
M300 Wi-fi Repeater
Vendor
CVE Published:
7 August 2025

Badges

👾 Exploit Exists

What is CVE-2025-34148?

An OS command injection flaw has been identified in the Shenzhen Aitemi M300 Wi-Fi Repeater (model MT02) when operated in WISP mode. This vulnerability arises from the unsanitized handling of the 'ssid' parameter, allowing unauthorized attackers within Wi-Fi range to inject malicious shell commands. Exploiting this vulnerability can lead to full compromise of the device, enabling attackers to execute commands with root privileges.

Affected Version(s)

M300 Wi-Fi Repeater *

References

https://chocapikk.com/posts/2025/when-a-wifi-name-gives-y...
technical-descriptionexploit
https://www.aliexpress.us/item/3256806767641280.html
product

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Valentin Lobstein (Chocapikk)
Jared Brits (K3ysTr0K3R)
Semih Y. (r00tm4st3r)
Dinesh Aswin S. (esistdini)
.
CVE-2025-34148 : OS Command Injection Vulnerability in Shenzhen Aitemi M300 Wi-Fi Repeater