Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in the Shenzhen Aitemi M300 Wi-Fi Repeater, specifically in hardware model MT02. The issue arises in the '/protocol.csp?' endpoint, where the value of the 'time' parameter is processed by the internal 'date -s' command. This vulnerability allows unauthenticated remote code execution as root, without disrupting HTTP service or requiring a device reboot. Unlike other injection points, this method enables stealthy exploitation without visible configuration changes.

Impact

Exploitation of this vulnerability leads to unauthorized remote code execution with root privileges on the affected device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/protocol.csp?' endpoint with shell commands injected into the 'time' parameter. The injected command is executed immediately, allowing for remote code execution without rebooting the device or disrupting HTTP service.
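
A defender-side check for the request described above, as an added example that is not part of the original advisory: it decodes the 'time' parameter of requests to '/protocol.csp' from both the query string and the form body, and flags values that contain shell metacharacters. The sample requests and the PLACEHOLDER token are constructed, and the metacharacter list is an assumption about what a legitimate time value never contains.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/protocol.csp"  # endpoint named in the advisory

# Assumption: a legitimate time value never needs these characters, which a
# shell interprets as separators, substitution, redirection or quoting.
SHELL_META = re.compile(r"""[;&|`$()<>\\'"\n\r]""")


def time_values(target, body=""):
    """Return every URL-decoded 'time' value sent to the endpoint.

    target is the request target (path plus query string) and body is a
    form-encoded POST body; both places are checked.
    """
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return []
    values = []
    for encoded in (parts.query, body):
        values += parse_qs(encoded, keep_blank_values=True).get("time", [])
    return values


def is_suspicious(target, body=""):
    """True when any decoded 'time' value contains a shell metacharacter."""
    return any(SHELL_META.search(v) for v in time_values(target, body))


def scan(requests):
    """Return the (target, body) pairs worth alerting on."""
    return [(t, b) for t, b in requests if is_suspicious(t, b)]


# Constructed sample requests: (request target, POST body).
SAMPLES = [
    ("/protocol.csp?", "time=2025-08-07+17%3A33%3A00"),    # plain timestamp
    ("/protocol.csp?", "time=2025-08-07%3BPLACEHOLDER"),   # encoded ';'
    ("/protocol.csp?time=1%60PLACEHOLDER%60", ""),         # encoded backticks
    ("/index.html?time=a%3Bb", ""),                        # other endpoint
]

if __name__ == "__main__":
    for target, body in scan(SAMPLES):
        print("ALERT", target, body)
```

Matching is done on the decoded value, so percent-encoded metacharacters are caught as well as literal ones.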

Added: Aug 7, 2025, 5:33 PM
Updated: Aug 7, 2025, 5:33 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 0.3
threat: 6.9
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.