← back
CVE-2025-34152

Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via Time Parameter

CVSS 9.4 CRITICALEPSS 61.7%CWE-78
Vexday Risk Score
75High priority
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.4EPSS 61.7%KEV nãoPoC públicaNuclei simMetasploit simPatch
Lifecycle
07 Aug 2025Metasploit module available
07 Aug 2025Published on NVD
07 Aug 2025Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike other injection points, this vector allows remote compromise without triggering visible configuration changes.
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
Shenzhen Aitemi E Commerce Co. Ltd. · M300 Wi-Fi Repeater
public PoCs found3
githubgithub.com/Chocapikk/CVE-2025-341525githubgithub.com/kh4sh3i/CVE-2025-341522cve_referencechocapikk.com/posts/2025/when-a-wifi-name-gives-you-root-part-two/unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://chocapikk.com/posts/2025/when-a-wifi-name-gives-you-root-part-two/https://www.aliexpress.us/item/3256806767641280.htmlhttps://www.vulncheck.com/advisories/shenzhen-aitemi-m300-wifi-repeater-os-command-injection-via-time-parameter