Command Injection Vulnerability in Shenzhen Aitemi M300 Wi-Fi Repeater
CVE-2025-34150

9.4CRITICAL

Key Information:

Vendor: Shenzhen Aitemi E Commerce Co. Ltd.
Status: M300 Wi-fi Repeater
Vendor: CVE Published:; 7 August 2025

🔔 Create Shenzhen Aitemi E Commerce Co. Ltd. Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-34150?

The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater is susceptible to a command injection flaw via an unsafe 'user' parameter. During network setup, this flaw allows attackers to input malicious commands, granting them the ability to execute arbitrary system commands with root privileges, potentially compromising the device and the network it's connected to.

Affected Version(s)

M300 Wi-Fi Repeater *

References

https://chocapikk.com/posts/2025/when-a-wifi-name-gives-y...

technical-descriptionexploit

https://www.aliexpress.us/item/3256806767641280.html

product

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 7, 2025
👾
Exploit known to exist
Aug 7, 2025
Vulnerability published
Aug 7, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Valentin Lobstein (Chocapikk)

Jared Brits (K3ysTr0K3R)

Semih Y. (r00tm4st3r)

Dinesh Aswin S. (esistdini)