Impact
The vulnerability is an unauthenticated OS command injection in the smacfilter_conf handler of the commuos web backend of the Shenzhen Aitemi M300 Wi‑Fi Repeater. Values supplied in the name, enable, or mac GET parameters are copied, without sanitization, into a command string built with sprintf and then executed via doSystemCmdComlib(). Shell metacharacters in any of those parameters therefore become additional commands, and because the command runs as root, a successful request gives the attacker arbitrary root command execution and complete control of the device.
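The pattern described above, shown as a constructed C illustration beside an allow-list hardened version. This is an added example, not the vendor's firmware code: the handler name smacfilter_conf, the parameters name, enable and mac, and the function doSystemCmdComlib() come from the advisory, while the command string, buffer sizes, the stand-in for doSystemCmdComlib() and the validators are assumptions made for the example.

```c
/* Constructed illustration of an sprintf-built shell command and its
   allow-list hardening. Not the firmware's code: only the handler name,
   the parameter names and doSystemCmdComlib() are taken from the advisory;
   the command text, sizes and validators are assumed. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Stand-in for doSystemCmdComlib(): in firmware this hands the string to a
   shell (system()-style); here it only records what would have been run. */
static char last_cmd[256];
static int doSystemCmdComlib_stub(const char *cmd) {
    snprintf(last_cmd, sizeof last_cmd, "%s", cmd);
    return 0;
}

/* Vulnerable pattern: parameter values pasted straight into a shell command.
   A mac such as "00:11:22:33:44:55;reboot" smuggles in a second command. */
static int smacfilter_conf_vulnerable(const char *name, const char *enable,
                                      const char *mac) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "macfilter set name=%s enable=%s mac=%s",
             name, enable, mac);
    return doSystemCmdComlib_stub(cmd);
}

/* Allow-list validators: accept only what each field can legitimately hold. */
static int valid_mac(const char *s) {          /* exactly XX:XX:XX:XX:XX:XX */
    if (strlen(s) != 17) return 0;
    for (int i = 0; i < 17; i++) {
        if (i % 3 == 2) { if (s[i] != ':') return 0; }
        else if (!isxdigit((unsigned char)s[i])) return 0;
    }
    return 1;
}
static int valid_enable(const char *s) {       /* boolean flag: "0" or "1" */
    return strcmp(s, "0") == 0 || strcmp(s, "1") == 0;
}
static int valid_name(const char *s) {         /* 1..32 chars of [A-Za-z0-9_-] */
    size_t n = strlen(s);
    if (n == 0 || n > 32) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '_' && s[i] != '-') return 0;
    return 1;
}

/* Hardened handler: reject anything outside the allow-list before the
   command builder ever sees it. Returns -1 on rejection. (Better still,
   avoid the shell entirely and execve() the tool with an argv array.) */
static int smacfilter_conf_hardened(const char *name, const char *enable,
                                    const char *mac) {
    if (!valid_name(name) || !valid_enable(enable) || !valid_mac(mac)) return -1;
    char cmd[256];
    snprintf(cmd, sizeof cmd, "macfilter set name=%s enable=%s mac=%s",
             name, enable, mac);
    return doSystemCmdComlib_stub(cmd);
}

/* Did the last command that reached the shell stub contain a shell
   metacharacter? Useful for checking which path let one through. */
static int command_contains_shell_meta(void) {
    return strpbrk(last_cmd, ";|&`$()\n") != NULL;
}
```

The validators are deliberately strict: a MAC address, a 0/1 flag and a short identifier have no legitimate need for quotes, semicolons or whitespace, so an allow-list is both simpler and safer than trying to escape metacharacters before the sprintf.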
Affected Systems
The affected product is the Shenzhen Aitemi M300 Wi‑Fi Repeater (hardware model MT02) supplied by Shenzhen Aitemi E Commerce Co. Ltd. No additional vendor or version details are provided in the entry.
Risk and Exploitability
The vulnerability carries a CVSS score of 9.3 (critical). No EPSS score is available, and the flaw is not listed in the CISA KEV catalog. The web interface is exposed on the local network, so a network‑adjacent attacker who can reach it can trigger the command injection with crafted HTTP GET requests; no authentication and no privileges beyond network connectivity are required, which makes exploitation straightforward for anyone on the same network. The entry does not say whether the interface is also reachable from the WAN side, so the assumption that the attacker needs local network access to the device's web interface is an inference from the description rather than a stated fact.
OpenCVE Enrichment