CVE-2025-34150 CRITICAL

CVE-2025-34150: Shenzhen Aitemi M300 Wi-Fi Repeater PPPoE Username Command Injection

Vendor Shenzhen Aitemi E Commerce Co. Ltd.
Product M300 Wi-Fi Repeater
Weakness CWE-78
Published August 7, 2025
Last update December 1, 2025

CVSS base score

9.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges.

Key dates

02Disclosure timeline

August 7, 2025 CVE published
December 1, 2025 Record updated