📄 Shenzhen Aitemi M300 Wi-Fi Repeater Remote Code Execution

Shenzhen Aitemi M300 Wi-Fi Repeater unauthenticated proof of concept remote code execution exploit that leverages the time parameter in protocol.csp. ============================================================================================================================================= | Tit...

EUVD-2025-23923

Malicious code in bioql PyPI...

EUVD-2025-23537

Malicious code in bioql PyPI...

EUVD-2025-23924

Malicious code in bioql PyPI...

CVE-2025-34150

The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges...

CVE-2025-34148

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. When configuring the device in WISP mode, the 'ssid' parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject...

CVE-2025-34149

A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enabling attackers to execute arbitrary commands as root. Exploitation requires no authentication and c...

CVE-2025-34148 Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via WISP SSID

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. When configuring the device in WISP mode, the 'ssid' parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject...

CVE-2025-34148 Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via WISP SSID

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. When configuring the device in WISP mode, the 'ssid' parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject...

CVE-2025-34149

CVE-2025-34149 describes a command injection in the Shenzhen Aitemi M300 Wi‑Fi Repeater (hardware model MT02) during WPA2 configuration. The vulnerable component is the handling of the WPA2 key parameter, which is interpreted by the system shell, allowing an attacker to execute arbitrary commands...

CVE-2025-34149 Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via WPA2 Key

A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enabling attackers to execute arbitrary commands as root. Exploitation requires no authentication and c...

CVE-2025-34149 Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via WPA2 Key

A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enabling attackers to execute arbitrary commands as root. Exploitation requires no authentication and c...

CVE-2025-34150

CVE-2025-34150 affects the Shenzhen Aitemi M300 Wi‑Fi Repeater (hardware MT02). The PPPoE configuration interface is vulnerable to command injection via the 'user' parameter; input is processed unsafely during network setup, enabling attackers to run arbitrary commands with root privileges. Repor...

CVE-2025-34150 Shenzhen Aitemi M300 Wi-Fi Repeater PPPoE Username Command Injection

The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges...

CVE-2025-34150 Shenzhen Aitemi M300 Wi-Fi Repeater PPPoE Username Command Injection

The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges...

CVE-2025-34151 Shenzhen Aitemi M300 Wi-Fi Repeater PPPoE Password Command Injection

A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. The input is passed directly to system-level commands without sanitation, enabling unauthenticated attackers to achieve root-level code...

EUVD-2025-23927

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...

CVE-2025-34152 Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via Time Parameter

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...

PT-2025-32277 · Aitemi · Aitemi M300 Wi-Fi Repeater

Name of the Vulnerable Software and Affected Versions: Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 Description: An unauthenticated OS command injection vulnerability exists via the time parameter of the /protocol.csp? API endpoint. The input is processed by the internal date '-s'...

PT-2025-32275 · Aitemi · Aitemi M300 Wi-Fi Repeater

Name of the Vulnerable Software and Affected Versions: Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 affected versions not specified Description: The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater is vulnerable to command injection via the user parameter. Input...