CVE-2025-34147 is a critical OS command injection vulnerability affecting the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). The vulnerability arises due to improper neutralization of special characters in the extap2g SSID field when the device is configured in Extender mode via its captive portal. Specifically, the SSID value is inserted unescaped into a shell script that executes during device reboot. Because this input is not sanitized, a remote attacker within Wi-Fi range can craft a malicious SSID containing shell commands. When the device reboots, these injected commands execute with root privileges, resulting in full system compromise. The vulnerability requires no authentication or user interaction, making exploitation straightforward for anyone in wireless proximity. The CVSS 4.0 score of 9.4 reflects the critical nature of this flaw, with high impact on confidentiality, integrity, and availability, and low attack complexity. Although no known exploits are currently reported in the wild, the vulnerability’s characteristics make it a prime candidate for exploitation in the near future. The affected product is widely deployed as a consumer and small business Wi-Fi range extender, increasing the potential attack surface. The root-level command execution could allow attackers to manipulate device configurations, intercept or redirect network traffic, or use the device as a foothold for lateral movement within local networks.

For European organizations, this vulnerability poses a significant risk, especially for small and medium enterprises (SMEs) and home office environments that commonly use consumer-grade Wi-Fi extenders like the Shenzhen Aitemi M300. Compromise of these devices can lead to unauthorized access to internal networks, data interception, and potential pivoting to more critical infrastructure. The ability to execute arbitrary commands as root means attackers can disable security controls, install persistent malware, or disrupt network availability. Given the proximity requirement, attackers could operate from nearby public spaces or adjacent properties, making physical security less of a barrier. The impact extends to privacy violations and potential regulatory non-compliance under GDPR if personal data is exposed or intercepted. Additionally, compromised devices could be leveraged in botnets or as part of larger coordinated attacks targeting European networks, amplifying the threat beyond individual device compromise.

To mitigate this vulnerability, European organizations should first identify any Shenzhen Aitemi M300 Wi-Fi Repeaters deployed within their environments. Immediate steps include: 1) Isolating affected devices on segmented networks to limit potential lateral movement. 2) Disabling Extender mode or captive portal configuration until a vendor patch is available. 3) Monitoring wireless environments for suspicious SSIDs that could be crafted to exploit this vulnerability. 4) Restricting physical and wireless access to trusted users and locations to reduce attacker proximity. 5) Employing network intrusion detection systems (NIDS) capable of detecting anomalous device behavior or command injection attempts. 6) Engaging with the vendor for firmware updates or patches; if none are available, consider replacing vulnerable devices with alternatives from vendors with stronger security postures. 7) Educating users about the risks of connecting to or configuring devices via unsecured captive portals. These measures go beyond generic advice by focusing on device identification, network segmentation, and active monitoring tailored to this specific vulnerability.