Critical severityNVD Advisory· Published Aug 4, 2025· Updated Apr 15, 2026

CVE-2025-34147

Description

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). When configuring the device in Extender mode via its captive portal, the extap2g SSID field is inserted unescaped into a reboot-time shell script. This allows remote attackers within Wi-Fi range to inject arbitrary shell commands that execute as root during device reboot, leading to full system compromise.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

chocapikk.com/posts/2025/when-a-wifi-name-gives-you-root/nvd
www.aliexpress.us/item/3256806767641280.htmlnvd
www.vulncheck.com/advisories/shenzhen-aitemi-m300-wifi-repeater-os-command-injection-via-ssidnvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000