CVE-2025-34151
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-08-07

Last updated on: 2025-11-04

Assigner: VulnCheck

Description
A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). The input is passed directly to system-level commands without sanitation, enabling unauthenticated attackers to achieve root-level code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-07
Last Modified
2025-11-04
Generated
2026-05-07
AI Q&A
2025-08-07
EPSS Evaluated
2026-05-05
NVD
CVE-2025-34151
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a command injection flaw in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). The input provided to this parameter is not sanitized and is passed directly to system-level commands, allowing unauthenticated attackers to execute arbitrary commands with root-level privileges.


How can this vulnerability impact me? :

An attacker exploiting this vulnerability can gain root-level code execution on the affected device without authentication. This can lead to full control over the device, including modifying configurations, intercepting or disrupting network traffic, installing malicious software, or using the device as a pivot point for further attacks.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart