CVE-2025-34150

Critical CVSS 9.4

Overview

The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges.

CWE: CWE-78 Published: 2025-08-07T17:15:28.870

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.4 (CRITICAL)
Detected tags: command_injection (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags