CVE-2025-34150
CVE-2025-34150
9.4
CriticalPublished:
Last updated:
Source:disclosure@vulncheck.com
Deferred
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Adjacent
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- High
- Availability (Vulnerable)
- High
- Confidentiality (Subsequent)
- High
- Integrity (Subsequent)
- High
- Availability (Subsequent)
- High
Description
The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges.
References
disclosure@vulncheck.com
https://chocapikk.com/posts/2025/when-a-wifi-name-gives-you-root-part-two/disclosure@vulncheck.com
https://www.aliexpress.us/item/3256806767641280.html