2025-08-07 16:44:59
VulnCheck
PUBLISHED
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the time parameter of the /protocol.csp? endpoint. The input is processed by the internal date -s command without rebooting or disrupting HTTP service. Unlike other injection points, this vector allows remote compromise without triggering visible configuration changes.