Security Advisory

CVE-2025-34152

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-07 16:44:59

Last updated 2025-12-01 16:32:10

Assigner VulnCheck

State PUBLISHED

Description

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the time parameter of the /protocol.csp? endpoint. The input is processed by the internal date -s command without rebooting or disrupting HTTP service. Unlike other injection points, this vector allows remote compromise without triggering visible configuration changes.

← Browse all CVEs View on cve.org ↗