Critical severityNVD Advisory· Published Aug 7, 2025· Updated Apr 15, 2026

CVE-2025-34152

Description

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike other injection points, this vector allows remote compromise without triggering visible configuration changes.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

chocapikk.com/posts/2025/when-a-wifi-name-gives-you-root-part-two/nvd
www.aliexpress.us/item/3256806767641280.htmlnvd
www.vulncheck.com/advisories/shenzhen-aitemi-m300-wifi-repeater-os-command-injection-via-time-parameternvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.012
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000