Shenzhen Aitemi M300 Wi-Fi Repeater Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in the Shenzhen Aitemi M300 Wi-Fi Repeater, specifically in hardware model MT02. This vulnerability arises during the WPA2 configuration process, where the 'key' parameter is directly interpreted by the system shell. As a result, attackers can execute arbitrary commands with root privileges. The exploitation of this vulnerability does not require authentication and can be triggered during the wireless setup phase.

Impact

Exploitation of this vulnerability allows for unauthorized command execution as the root user on the affected device.

Reproduction

The vulnerability can be reproduced by injecting shell commands into the 'key' parameter while configuring WPA2 settings on the repeater. This can be done through the device's web interface, which is accessible without authentication.
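An added example, not taken from the device firmware or from this advisory: the defensive counterpart to a 'key' value that reaches the system shell, written in C. The function names wpa2_key_valid and apply_key and the helper program are assumptions; echo stands in for whatever program actually applies the Wi-Fi settings.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
/* WPA2-PSK takes 8..63 printable ASCII characters or 64 hex digits. A valid
 * passphrase can still contain ; $ ` | so this check alone is not enough. */
int wpa2_key_valid(const char *key) {
    size_t n = strlen(key);
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)key[i];
        if (n == 64 ? !isxdigit(c) : (c < 0x20 || c > 0x7e)) return 0;
    }
    return n == 64 || (n >= 8 && n <= 63);
}

/* Pattern to avoid (assumed shape of the bug class, not firmware code):
 *   snprintf(cmd, sizeof cmd, "helper %s", key); system(cmd);
 * Hardened: exec the helper with the key as one argv element, so no shell
 * ever parses it. `helper` is a hypothetical program name (assumption).
 * Returns the number of helper stdout bytes stored in out, or -1. */
ssize_t apply_key(const char *helper, const char *key, char *out, size_t cap) {
    int fds[2], status = 0;
    if (cap == 0 || !wpa2_key_valid(key) || pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) { /* child: stdout -> pipe, then exec without a shell */
        char *const argv[] = { (char *)helper, (char *)key, NULL };
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execvp(helper, argv);
        _exit(127); /* exec failed */
    }
    close(fds[1]);
    size_t total = 0; ssize_t r;
    while (total < cap - 1 && (r = read(fds[0], out + total, cap - 1 - total)) > 0)
        total += (size_t)r;
    out[total] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? (ssize_t)total : -1;
}

int main(void) {
    char out[128]; /* key below is a constructed sample; echo stands in for the helper */
    ssize_t n = apply_key("echo", "hunter22; echo INJECTED", out, sizeof out);
    printf("%zd bytes: %s", n, n < 0 ? "(rejected)\n" : out);
    return 0;
}
```

A key that begins with "-" can still be read as an option by the helper, so a real helper should take the key after a "--" separator or from a file or stdin.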

Added: Aug 7, 2025, 5:40 PM
Updated: Aug 7, 2025, 5:40 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.