30 matches found
PT-2026-54917
Name of the Vulnerable Software and Affected Versions Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 affected versions not specified Description An unauthenticated OS command injection exists in the commuos web backend. Network-adjacent attackers can execute arbitrary shell commands by...
EUVD-2025-23925
Malicious code in bioql PyPI...
EUVD-2025-23923
Malicious code in bioql PyPI...
EUVD-2025-23926
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2025-34152
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...
📄 Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated Remote Code Execution
This Metasploit module exploits an unauthenticated remote command injection vulnerability in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. The vulnerability lies in the time parameter of the time configuration endpoint, which is passed unsanitized to a shell command executed via th...
CVE-2025-34152
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...
CVE-2025-34149
A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enabling attackers to execute arbitrary commands as root. Exploitation requires no authentication and c...
📄 Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated Remote Code Execution
Shenzhen Aitemi M300 Wi-Fi Repeater suffers from a remote code execution vulnerability. package main import "flag" "fmt" "io" "net/http" "net/url" "os" "strings" / Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE CVE-2025-34152 - does not require authentication even when the login panel is...
CVE-2025-34151
A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. The input is passed directly to system-level commands without sanitation, enabling unauthenticated attackers to achieve root-level code...
CVE-2025-34152
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...
CVE-2025-34150
The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges...
CVE-2025-34148
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. When configuring the device in WISP mode, the 'ssid' parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject...
CVE-2025-34149
A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enabling attackers to execute arbitrary commands as root. Exploitation requires no authentication and c...
CVE-2025-34148
CVE-2025-34148 concerns an unauthenticated OS command-injection in the Shenzhen Aitemi M300 Wi‑Fi Repeater (hardware model MT02) when configured in WISP mode. The vulnerability stems from the unsanitized handling of the ssid parameter being passed to system-level scripts, enabling remote attacker...
CVE-2025-34148 Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via WISP SSID
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. When configuring the device in WISP mode, the 'ssid' parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject...
CVE-2025-34148 Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via WISP SSID
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. When configuring the device in WISP mode, the 'ssid' parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject...
CVE-2025-34149 Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via WPA2 Key
A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enabling attackers to execute arbitrary commands as root. Exploitation requires no authentication and c...
CVE-2025-34150
CVE-2025-34150 affects the Shenzhen Aitemi M300 Wi‑Fi Repeater (hardware MT02). The PPPoE configuration interface is vulnerable to command injection via the 'user' parameter; input is processed unsafely during network setup, enabling attackers to run arbitrary commands with root privileges. Repor...
CVE-2025-34151
CVE-2025-34151 affects the Shenzhen Aitemi M300 Wi‑Fi Repeater (hardware MT02) with a command injection in the PPPoE setup process. The vulnerability arises because the passwd parameter is passed directly to system‑level commands without sanitization, allowing an unauthenticated attacker to achie...