CVE-2025-34147 is an unauthenticated OS command injection vulnerability affecting all versions of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). The flaw exists in the device’s captive portal configuration interface when setting the extap2g SSID field in Extender mode. This SSID value is directly inserted into a shell script executed at reboot without proper sanitization or escaping of special characters. An attacker within Wi-Fi range can exploit this by crafting a malicious SSID that injects arbitrary shell commands. These commands execute with root privileges during device reboot, enabling full system compromise. The vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command). The CVSS 4.0 vector indicates the attack requires adjacent network access (Wi-Fi range), no privileges or user interaction, and results in high confidentiality, integrity, and availability impact with high scope and security requirements. Although no public exploits are known yet, the vulnerability’s nature and ease of exploitation make it highly dangerous. The device’s role as a network extender means compromise could allow attackers to intercept, manipulate, or disrupt network traffic and potentially pivot into connected networks. The lack of authentication and user interaction requirements significantly lowers the barrier for attackers. The vulnerability was reserved in April 2025 and published in August 2025, with no patches currently available, increasing urgency for mitigation.

For European organizations, this vulnerability poses a significant risk to network security and operational continuity. Compromise of the M300 Wi-Fi Repeater can lead to full device takeover, allowing attackers to execute arbitrary commands as root. This can result in interception or manipulation of network traffic, disruption of Wi-Fi services, and use of the device as a foothold for lateral movement into corporate or critical infrastructure networks. Sensitive data confidentiality and integrity may be compromised, and availability of network services can be disrupted. Organizations relying on these repeaters for extending Wi-Fi coverage in offices, industrial sites, or public spaces face increased exposure. The unauthenticated nature of the attack and requirement only for Wi-Fi proximity make it feasible for attackers to exploit from nearby locations without physical access or credentials. This is particularly concerning for organizations in dense urban environments or with exposed Wi-Fi networks. The absence of patches means that mitigation must rely on network controls and device configuration changes until vendor updates are available.

1. Immediately segment networks to isolate Shenzhen Aitemi M300 devices from sensitive internal networks, limiting attacker pivot opportunities. 2. Disable Extender mode on the M300 devices if not strictly necessary, as the vulnerability is triggered only in this mode. 3. Restrict physical and Wi-Fi access to trusted users and devices; implement strong Wi-Fi authentication and monitoring to detect rogue access points or suspicious SSID changes. 4. Monitor device logs and network traffic for unusual reboot events or unexpected shell command executions. 5. Employ wireless intrusion detection/prevention systems (WIDS/WIPS) to detect malicious SSID broadcasts or injection attempts. 6. Engage with Shenzhen Aitemi for firmware updates or patches and apply them promptly once available. 7. Consider replacing vulnerable devices with alternatives that have stronger security postures if immediate patching is not possible. 8. Educate IT and security teams about the vulnerability and signs of exploitation to enable rapid incident response.