Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via WPA2...

9.4 / 10

CRITICAL

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enabling attackers to execute arbitrary commands as root. Exploitation requires no authentication and can be triggered during wireless setup.

Basic Information

ID CVE-2025-34149

Source VulnCheck

Published Aug 7, 2025 at 16:45

Affected Product

Vendor Shenzhen Aitemi E Commerce Co. Ltd.

Product M300 Wi-Fi Repeater

Version *

Affected Versions Shenzhen Aitemi E Commerce Co. Ltd. M300 Wi-Fi Repeater *

CWE Classification

CWE-78

References

{
    "lastseen": "",
    "description": "A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enabling attackers to execute arbitrary commands as root. Exploitation requires no authentication and can be triggered during wireless setup.",
    "published": "2025-08-07T16:45:18.731Z",
    "modified": "2025-08-07T16:45:18.731Z",
    "type": "cve",
    "title": "Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via WPA2 Key",
    "source": "VulnCheck",
    "references": "https://chocapikk.com/posts/2025/when-a-wifi-name-gives-you-root-part-two/\nhttps://www.aliexpress.us/item/3256806767641280.html",
    "id": "CVE-2025-34149",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Shenzhen Aitemi E Commerce Co. Ltd. M300 Wi-Fi Repeater *",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "M300 Wi-Fi Repeater",
    "version": "*",
    "vendor": "Shenzhen Aitemi E Commerce Co. Ltd.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via WPA2 Key_CVE-2025-34149