Command Injection Vulnerability in Shenzhen Aitemi M300 Wi-Fi Repeater
CVE-2025-34151

9.4CRITICAL

Key Information:

Vendor

Shenzhen Aitemi E Commerce Co. Ltd.

Status
M300 Wi-fi Repeater
Vendor
CVE Published:
7 August 2025

Badges

👾 Exploit Exists

What is CVE-2025-34151?

A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). This flaw allows unauthenticated attackers to execute system-level commands without proper input validation, potentially leading to unauthorized root-level access. Exploiting this vulnerability can compromise the device's integrity and security, emphasizing the need for immediate remediation.

Affected Version(s)

M300 Wi-Fi Repeater *

References

https://chocapikk.com/posts/2025/when-a-wifi-name-gives-y...
technical-descriptionexploit
https://www.aliexpress.us/item/3256806767641280.html
product

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Valentin Lobstein (Chocapikk)
Jared Brits (K3ysTr0K3R)
Semih Y. (r00tm4st3r)
Dinesh Aswin S. (esistdini)
.
CVE-2025-34151 : Command Injection Vulnerability in Shenzhen Aitemi M300 Wi-Fi Repeater