CVE-2025-34148
BaseFortify
Publication date: 2025-08-07
Last updated on: 2025-11-04
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unauthenticated OS command injection in the Shenzhen Aitemi M300 Wi-Fi Repeater (model MT02). When the device is configured in WISP mode, the 'ssid' parameter is not properly sanitized before being passed to system-level scripts. This allows remote attackers within Wi-Fi range to inject arbitrary shell commands that execute with root privileges, leading to full device compromise.
How can this vulnerability impact me? :
An attacker within Wi-Fi range can exploit this vulnerability to execute arbitrary commands as root on the device, resulting in complete control over the device. This can lead to unauthorized access, data theft, device malfunction, or using the device as a foothold for further attacks on the network.