cbcvebase.

Shenzhen Aitemi E Commerce Co Ltd M300 Wi-Fi Repeater vulnerabilities

6 known vulnerabilities affecting shenzhen_aitemi_e_commerce_co_ltd/m300_wi-fi_repeater.

Total CVEs
6
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL6

Vulnerabilities

Page 1 of 1
CVE-2025-34152P1CRITICALCVSS 9.4ExploitedPoCv*2025-08-07
CVE-2025-34152 [CRITICAL] CWE-78 CVE-2025-34152: An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repea An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike other injection points, this vector allows remote compr
nvd
CVE-2025-34149P2CRITICALCVSS 9.4v*2025-08-07
CVE-2025-34149 [CRITICAL] CWE-78 CVE-2025-34149: A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enabling attackers to execute arbitrary commands as root. Exploitation requires no authentication and can be triggered during wireless setup.
nvd
CVE-2025-34148P2CRITICALCVSS 9.4v*2025-08-07
CVE-2025-34148 [CRITICAL] CWE-78 CVE-2025-34148: An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repea An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). When configuring the device in WISP mode, the 'ssid' parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject arbitrary shell commands that execute as root, resultin
nvd
CVE-2025-34150P2CRITICALCVSS 9.4v*2025-08-07
CVE-2025-34150 [CRITICAL] CWE-78 CVE-2025-34150: The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) i The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges.
nvd
CVE-2025-34147P2CRITICALCVSS 9.4v*2025-08-04
CVE-2025-34147 [CRITICAL] CWE-78 CVE-2025-34147: An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repea An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). When configuring the device in Extender mode via its captive portal, the extap2g SSID field is inserted unescaped into a reboot-time shell script. This allows remote attackers within Wi-Fi range to inject arbitrary shell co
nvd
CVE-2025-34151P2CRITICALCVSS 9.4v*2025-08-07
CVE-2025-34151 [CRITICAL] CWE-78 CVE-2025-34151: A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). The input is passed directly to system-level commands without sanitation, enabling unauthenticated attackers to achieve root-level code execution.
nvd
Shenzhen Aitemi E Commerce Co Ltd M300 Wi-Fi Repeater vulnerabilities | cvebase