Lucene search
K

30 matches found

Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54917

Name of the Vulnerable Software and Affected Versions Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 affected versions not specified Description An unauthenticated OS command injection exists in the commuos web backend. Network-adjacent attackers can execute arbitrary shell commands by...

9.8CVSS6AI score0.01671EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-23925

Malicious code in bioql PyPI...

9.4CVSS6.6AI score0.01351EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-23923

Malicious code in bioql PyPI...

9.4CVSS6.6AI score0.01286EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-23926

Malicious code in bioql PyPI...

9.4CVSS6.6AI score0.0373EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-34152

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...

9.4CVSS5.9AI score0.60875EPSS
In wildExploits5References184
Packet Storm
Packet Storm
added 2025/09/10 12:0 a.m.168 views

📄 Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote command injection vulnerability in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. The vulnerability lies in the time parameter of the time configuration endpoint, which is passed unsanitized to a shell command executed via th...

9.4CVSS7.9AI score0.60875EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2025/08/09 5:29 p.m.9 views

CVE-2025-34152

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...

9.4CVSS8AI score0.60875EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/08/09 5:29 p.m.5 views

CVE-2025-34149

A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enabling attackers to execute arbitrary commands as root. Exploitation requires no authentication and c...

9.4CVSS8.3AI score0.01424EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/08/08 12:0 a.m.121 views

📄 Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated Remote Code Execution

Shenzhen Aitemi M300 Wi-Fi Repeater suffers from a remote code execution vulnerability. package main import "flag" "fmt" "io" "net/http" "net/url" "os" "strings" / Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE CVE-2025-34152 - does not require authentication even when the login panel is...

9.4CVSS9.8AI score0.60875EPSS
Exploits5
NVD
NVD
added 2025/08/07 5:15 p.m.8 views

CVE-2025-34151

A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. The input is passed directly to system-level commands without sanitation, enabling unauthenticated attackers to achieve root-level code...

9.4CVSS0.0373EPSS
Exploits0References3
NVD
NVD
added 2025/08/07 5:15 p.m.13 views

CVE-2025-34152

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...

9.4CVSS0.60875EPSS
Exploits5References3
NVD
NVD
added 2025/08/07 5:15 p.m.8 views

CVE-2025-34150

The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges...

9.4CVSS0.01351EPSS
Exploits0References3
NVD
NVD
added 2025/08/07 5:15 p.m.8 views

CVE-2025-34148

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. When configuring the device in WISP mode, the 'ssid' parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject...

9.4CVSS0.01286EPSS
Exploits0References3
NVD
NVD
added 2025/08/07 5:15 p.m.10 views

CVE-2025-34149

A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enabling attackers to execute arbitrary commands as root. Exploitation requires no authentication and c...

9.4CVSS0.01424EPSS
Exploits0References3
CVE
CVE
added 2025/08/07 4:45 p.m.22 views

CVE-2025-34148

CVE-2025-34148 concerns an unauthenticated OS command-injection in the Shenzhen Aitemi M300 Wi‑Fi Repeater (hardware model MT02) when configured in WISP mode. The vulnerability stems from the unsanitized handling of the ssid parameter being passed to system-level scripts, enabling remote attacker...

9.4CVSS7.7AI score0.01286EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/07 4:45 p.m.11 views

CVE-2025-34148 Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via WISP SSID

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. When configuring the device in WISP mode, the 'ssid' parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject...

9.4CVSS0.01286EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/07 4:45 p.m.4 views

CVE-2025-34148 Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via WISP SSID

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. When configuring the device in WISP mode, the 'ssid' parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject...

9.4CVSS7.6AI score0.01286EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/07 4:45 p.m.14 views

CVE-2025-34149 Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via WPA2 Key

A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enabling attackers to execute arbitrary commands as root. Exploitation requires no authentication and c...

9.4CVSS0.01424EPSS
Exploits0References3
CVE
CVE
added 2025/08/07 4:45 p.m.19 views

CVE-2025-34150

CVE-2025-34150 affects the Shenzhen Aitemi M300 Wi‑Fi Repeater (hardware MT02). The PPPoE configuration interface is vulnerable to command injection via the 'user' parameter; input is processed unsafely during network setup, enabling attackers to run arbitrary commands with root privileges. Repor...

9.4CVSS7.9AI score0.01351EPSS
Exploits0References3
CVE
CVE
added 2025/08/07 4:45 p.m.19 views

CVE-2025-34151

CVE-2025-34151 affects the Shenzhen Aitemi M300 Wi‑Fi Repeater (hardware MT02) with a command injection in the PPPoE setup process. The vulnerability arises because the passwd parameter is passed directly to system‑level commands without sanitization, allowing an unauthenticated attacker to achie...

9.4CVSS7.7AI score0.0373EPSS
Exploits0References3
Rows per page
Query Builder