What is CVE-2025-34152?

CVE-2025-34152 is a vulnerability in Shenzhen Aitemi E Commerce Co. Ltd. M300 Wi-fi Repeater, classified under OS Command Injection. Published 2025-08-07.

Is CVE-2025-34152 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Shenzhen Aitemi E Commerce Co. Ltd. M300 Wi-fi Repeater

CVE-2025-34152

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' comma…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.617 (99.1th percentile) — read the EPSS interpretation.

Affected products

Shenzhen Aitemi E Commerce Co. Ltd. M300 Wi-fi Repeater

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

References

chocapikk.com/posts/2025/when-a-wifi-name-gives-you-root-part-two/ (technical-description, exploit)
www.aliexpress.us/item/3256806767641280.html (product)
www.vulncheck.com/advisories/shenzhen-aitemi-m300-wifi-repeater-os-command-inje… (third-party-advisory)

Frequently asked questions

What is CVE-2025-34152?: CVE-2025-34152 is a vulnerability in Shenzhen Aitemi E Commerce Co. Ltd. M300 Wi-fi Repeater, classified under OS Command Injection. Published 2025-08-07.
Is CVE-2025-34152 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.