Shenzhen Aitemi M300 Wi-Fi Repeater PPPoE Username Command Injection

9.4 / 10

CRITICAL

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges.

Basic Information

ID CVE-2025-34150

Source VulnCheck

Published Aug 7, 2025 at 16:45

Affected Product

Vendor Shenzhen Aitemi E Commerce Co. Ltd.

Product M300 Wi-Fi Repeater

Version *

Affected Versions Shenzhen Aitemi E Commerce Co. Ltd. M300 Wi-Fi Repeater *

CWE Classification

CWE-78

References

{
    "lastseen": "",
    "description": "The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges.",
    "published": "2025-08-07T16:45:11.991Z",
    "modified": "2025-08-07T16:45:11.991Z",
    "type": "cve",
    "title": "Shenzhen Aitemi M300 Wi-Fi Repeater PPPoE Username Command Injection",
    "source": "VulnCheck",
    "references": "https://chocapikk.com/posts/2025/when-a-wifi-name-gives-you-root-part-two/\nhttps://www.aliexpress.us/item/3256806767641280.html",
    "id": "CVE-2025-34150",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Shenzhen Aitemi E Commerce Co. Ltd. M300 Wi-Fi Repeater *",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "M300 Wi-Fi Repeater",
    "version": "*",
    "vendor": "Shenzhen Aitemi E Commerce Co. Ltd.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Shenzhen Aitemi M300 Wi-Fi Repeater PPPoE Username Command Injection_CVE-2025-34150