Jared Brits

**Name of the Vulnerable Software and Affected Versions** Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) (affected versions not specified) **Description** An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater. When configuring the device in WISP mode, the `ssid` parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject arbitrary shell commands that execute as root, resulting in full device compromise. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) (affected versions not specified) **Description** A command injection vulnerability exists during WPA2 configuration. The `key` parameter is directly interpreted by the system shell, allowing attackers to execute arbitrary commands as root. Exploitation requires no authentication and can be triggered during wireless setup. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) (affected versions not specified) **Description** The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater is vulnerable to command injection via the `user` parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) (affected versions not specified) **Description** A command injection vulnerability exists in the `passwd` parameter of the PPPoE setup process. Input passed to system-level commands lacks proper sanitation, allowing unauthenticated attackers to achieve root-level code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) **Description** An unauthenticated OS command injection vulnerability exists via the `time` parameter of the `/protocol.csp?` API endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. This allows for remote compromise without triggering visible configuration changes. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) **Description** An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater. When configuring the device in Extender mode via its captive portal, the `extap2g` SSID field is inserted unescaped into a reboot-time shell script. This allows remote attackers within Wi-Fi range to inject arbitrary shell commands that execute as root during device reboot, leading to full system compromise. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.