CVE-2025-34150

Severity: Critical

Description

The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges.

References

https://www.vulncheck.com/advisories/shenzhen-aitemi-m300-wifi-repeater-pppoe-username-command-injection

https://www.aliexpress.us/item/3256806767641280.html

https://chocapikk.com/posts/2025/when-a-wifi-name-gives-you-root-part-two/

Details

Source: Mitre, NVD

Published: 2025-08-07

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 9.4

Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Severity: Critical

EPSS

EPSS: 0.00661