CVE-2025-34147: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Shenzhen Aitemi E Commerce Co. Ltd. M300 Wi-Fi Repeater
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). When configuring the device in Extender mode via its captive portal, the extap2g SSID field is inserted unescaped into a reboot-time shell script. This allows remote attackers within Wi-Fi range to inject arbitrary shell commands that execute as root during device reboot, leading to full system compromise.
AI Analysis
Technical Summary
CVE-2025-34147 is a critical OS command injection vulnerability affecting the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). The vulnerability arises from improper neutralization of special elements in the extap2g SSID field when the device is configured in Extender mode via its captive portal. Specifically, the extap2g SSID input is inserted unescaped into a shell script that runs at reboot. Because this input is not sanitized, a remote attacker within Wi-Fi range can inject arbitrary shell commands that execute with root privileges during device reboot. This leads to full system compromise, allowing the attacker to execute any commands on the device, potentially gaining persistent control or pivoting to other network assets. The vulnerability requires no authentication or user interaction, making it highly exploitable. The CVSS 4.0 base score is 9.4 (critical), reflecting the high impact on confidentiality, integrity, and availability, as well as the ease of exploitation. No patches are currently available, and no known exploits have been reported in the wild yet. The vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command), a common and dangerous class of injection flaws. Given the device’s role as a Wi-Fi repeater, exploitation could disrupt network connectivity or be leveraged to launch further attacks within the local network environment.
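The unescaped-interpolation flaw described above, next to a hardened form and a configuration-audit check, as an added example (not the vendor's firmware code). The generator functions, the `SSID=` line and the sample values are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example. gen_unsafe/gen_safe model a hypothetical generator for a
# reboot-time script; the names and the SSID= line are assumptions, not
# taken from the M300 firmware.

# sh_quote VALUE: print VALUE as one single-quoted shell word, rewriting
# each embedded ' as '\'' so nothing inside it is interpreted.
sh_quote() {
    _q_rest=$1
    _q_out=
    while :; do
        case $_q_rest in
            *\'*)
                _q_head=${_q_rest%%\'*}
                _q_rest=${_q_rest#*\'}
                _q_out="$_q_out$_q_head'\\''"
                ;;
            *)
                _q_out="$_q_out$_q_rest"
                break
                ;;
        esac
    done
    printf "'%s'" "$_q_out"
}

# Vulnerable shape: the value is pasted into the script text as-is.
gen_unsafe() { printf 'SSID=%s\n' "$1"; }
# Hardened shape: the value is pasted in as a quoted literal.
gen_safe() { printf 'SSID=%s\n' "$(sh_quote "$1")"; }

# run_generated LINE: run LINE in a child shell, then print what SSID holds.
run_generated() {
    sh -c "$1"'
printf "%s" "$SSID"' 2>/dev/null
}

# ssid_needs_review VALUE: audit helper, true when a stored SSID contains
# anything outside a conservative set (letters, digits, space, _ . -).
ssid_needs_review() {
    _left=$(printf '%s' "$1" | LC_ALL=C tr -d 'A-Za-z0-9 _.-'; printf x)
    [ "$_left" != x ]
}

# Constructed sample values, not captured from a device.
for ssid in 'Office-2.4G' 'Guest; echo INJECTED'; do
    ssid_needs_review "$ssid" && printf 'review: %s\n' "$ssid"
    printf 'unsafe -> %s\n' "$(run_generated "$(gen_unsafe "$ssid")")"
    printf 'safe   -> %s\n' "$(run_generated "$(gen_safe "$ssid")")"
done
```

The audit helper is deliberately strict and will also flag legitimate SSIDs that use other characters; treat a hit as a prompt to inspect the stored value, not as proof of tampering.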
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those deploying Shenzhen Aitemi M300 Wi-Fi Repeaters in office or branch environments. Successful exploitation can lead to full compromise of the repeater device, enabling attackers to intercept, manipulate, or disrupt network traffic passing through the device. This can result in data breaches, lateral movement within corporate networks, and potential disruption of business operations due to network outages. The fact that exploitation requires only proximity (Wi-Fi range) means attackers do not need network credentials or physical access, increasing the threat surface in public or semi-public environments. Organizations in sectors with high security requirements, such as finance, healthcare, and critical infrastructure, could face severe confidentiality and availability impacts. Additionally, compromised devices could be used as footholds for launching attacks against other internal systems or as part of botnets, amplifying the threat landscape.
Mitigation Recommendations
Immediate mitigation steps include:
1) Removing or disabling the use of the extap2g SSID configuration in Extender mode until a vendor patch is available.
2) Restricting physical and wireless access to the device by implementing strong Wi-Fi segmentation and limiting Wi-Fi range exposure, such as reducing transmit power or placing repeaters in secure locations.
3) Monitoring network traffic for unusual activity originating from the repeater device.
4) If possible, replacing Shenzhen Aitemi M300 devices with alternative hardware from vendors with timely security updates.
5) Applying network-level controls such as Wireless Intrusion Detection Systems (WIDS) to detect suspicious Wi-Fi management frames or rogue configuration attempts.
6) Regularly auditing device configurations and firmware versions to identify vulnerable devices.
7) Engaging with the vendor for patch timelines and subscribing to vulnerability notifications.
Since no patches currently exist, these compensating controls are critical to reduce risk.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-04-15T19:15:22.564Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6890f23bad5a09ad00e27de8
Added to database: 8/4/2025, 5:47:39 PM
Last enriched: 8/12/2025, 12:58:39 AM
Last updated: 9/15/2025, 8:42:05 AM