Shenzhen Aitemi M300 Wi-Fi Repeater Command Injection Vulnerability in PPPoE Configuration Interface
Vulnerability
A command injection vulnerability has been identified in the PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater, specifically in hardware model MT02. The vulnerability arises because the 'user' parameter is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges. This issue is particularly concerning as the device is exposed on the public Internet without any login requirements, enabling unauthenticated access to the command injection vulnerability.
Impact
Exploitation of this vulnerability allows for unauthorized command execution as the root user on the affected device.
Reproduction
The vulnerability can be reproduced by sending a POST request to the '/protocol.csp' endpoint with the 'user' parameter injected with malicious payloads. The injected command is executed with root privileges, and the device can be exploited to establish a reverse shell or bind shell, providing persistent access without disrupting the device's normal operation.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.