CVE-2025-34149

Vulnerability Description

A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enabling attackers to execute arbitrary commands as root. Exploitation requires no authentication and can be triggered during wireless setup.

Related Weaknesses (CWE)

CWE-78

References

https://chocapikk.com/posts/2025/when-a-wifi-name-gives-you-root-part-two/
https://www.aliexpress.us/item/3256806767641280.html
https://www.vulncheck.com/advisories/shenzhen-aitemi-m300-wifi-repeater-os-comma

FAQ

What is CVE-2025-34149?

CVE-2025-34149 is a documented vulnerability. A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enab...

How severe is CVE-2025-34149?

CVSS scoring is not yet available for CVE-2025-34149. Check NVD for updates.

Is there a patch for CVE-2025-34149?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.