CVE-2025-34149: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Shenzhen Aitemi E Commerce Co. Ltd. M300 Wi-Fi Repeater
A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enabling attackers to execute arbitrary commands as root. Exploitation requires no authentication and can be triggered during wireless setup.
AI Analysis
Technical Summary
CVE-2025-34149 is a severe OS command injection vulnerability identified in the Shenzhen Aitemi M300 Wi-Fi Repeater, specifically hardware model MT02. The flaw exists in the handling of the 'key' parameter during WPA2 wireless configuration, where the input is directly interpreted by the system shell without proper neutralization of special characters or command elements. This improper input validation (CWE-78) enables an attacker to inject arbitrary shell commands that execute with root privileges on the device. The vulnerability is remotely exploitable without requiring any authentication or user interaction, making it highly accessible to attackers within wireless range or connected networks. The CVSS 4.0 vector indicates attack vector as adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (VC:H, VI:H, VA:H). This means an attacker can fully compromise the device, potentially pivoting into internal networks or disrupting wireless services. No patches or mitigations have been published yet, and no exploits are known in the wild, but the critical nature demands urgent attention. The vulnerability affects all versions of the M300 repeater, indicating a systemic issue in the device firmware's input handling during wireless setup.
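The flaw class described above, seen from the fix side, as an added example (not code from the M300 firmware or its vendor): a WPA2 key validator plus a shell-free way to hand the key to a helper process. The helper path `/usr/sbin/wifi-apply`, its `--ssid`/`--key` options and all function names are hypothetical.

```c
/* Added example: hypothetical handler, not the M300 firmware's code. */
#include <ctype.h>
#include <spawn.h>
#include <string.h>
#include <sys/wait.h>

extern char **environ;

/* WPA2-PSK: 8..63 printable ASCII characters, or exactly 64 hex digits.
 * Printable ASCII includes ; | & $ ` and quotes, so a key that passes this
 * check is still NOT safe to paste into a shell command line. */
int wpa2_key_is_valid(const char *key)
{
    size_t n = strlen(key);
    if (n == 64) {
        for (size_t i = 0; i < n; i++)
            if (!isxdigit((unsigned char)key[i])) return 0;
        return 1;
    }
    if (n < 8 || n > 63) return 0;
    for (size_t i = 0; i < n; i++)
        if (key[i] < 0x20 || key[i] > 0x7e) return 0;
    return 1;
}

/* Build argv for a hypothetical helper. The key fills exactly one argv slot,
 * so no shell parses it. Returns 0 on success, -1 on rejected input. */
int build_apply_argv(const char *ssid, const char *key, const char *argv[6])
{
    if (!ssid || !key || !*ssid || strlen(ssid) > 32) return -1;
    if (!wpa2_key_is_valid(key)) return -1;
    argv[0] = "/usr/sbin/wifi-apply";   /* hypothetical path */
    argv[1] = "--ssid"; argv[2] = ssid;
    argv[3] = "--key";  argv[4] = key;
    argv[5] = NULL;
    return 0;
}

/* Run the helper via posix_spawn: unlike system(), /bin/sh is never involved. */
int apply_wpa2_key(const char *ssid, const char *key)
{
    const char *argv[6];
    pid_t pid; int status;
    if (build_apply_argv(ssid, key, argv) != 0) return -1;
    if (posix_spawn(&pid, argv[0], NULL, NULL, (char *const *)argv, environ) != 0)
        return -1;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Because a legitimate passphrase may contain shell metacharacters, the length and character check only rejects malformed keys; the protection against CWE-78 comes from never building a shell command string from the key.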
Potential Impact
For European organizations, this vulnerability poses a significant risk to network security and operational continuity. The ability to execute arbitrary commands as root on a network device can lead to full device compromise, allowing attackers to intercept, manipulate, or disrupt wireless communications. This could facilitate lateral movement into corporate networks, data exfiltration, or denial of service attacks. Given the device’s role in extending Wi-Fi coverage, compromised repeaters could serve as persistent footholds or launch points for broader attacks. Critical infrastructure, government agencies, and enterprises relying on Shenzhen Aitemi M300 repeaters for wireless connectivity are particularly vulnerable. The lack of authentication and user interaction requirements lowers the barrier for exploitation, increasing the likelihood of attacks in environments with exposed or poorly segmented wireless networks.
Mitigation Recommendations
1. Immediately identify and isolate all Shenzhen Aitemi M300 Wi-Fi Repeaters within the network to prevent exploitation.
2. Restrict network access to the management interfaces of these devices, ideally placing them behind firewalls or VLANs that limit exposure to untrusted networks.
3. Disable or restrict wireless setup features that accept the 'key' parameter remotely until a vendor patch is available.
4. Monitor network traffic for unusual command execution patterns or unexpected device behavior indicative of compromise.
5. Engage with Shenzhen Aitemi for firmware updates or patches addressing this vulnerability and apply them promptly once available.
6. Consider replacing affected devices with alternatives from vendors with stronger security track records if immediate patching is not feasible.
7. Implement network segmentation to limit the impact of any compromised wireless repeaters.
8. Educate IT staff on the risks associated with this vulnerability and ensure incident response plans include scenarios involving compromised network infrastructure devices.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-04-15T19:15:22.564Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6894d8b1ad5a09ad00fb13e4
Added to database: 8/7/2025, 4:47:45 PM
Last enriched: 11/27/2025, 4:36:17 PM
Last updated: 12/3/2025, 3:02:03 PM