Description
Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenticated OS command injection vulnerability that allows network-adjacent attackers to execute arbitrary shell commands by injecting unsanitized input through the smacfilter_conf handler in the commuos web backend. Attackers can append semicolon-delimited payloads to the name, enable, or mac GET parameters, which are passed without sanitization into sprintf() to build uci shell commands executed via doSystemCmdComlib(), granting full root-level control of the device.
Published: 2026-07-01
Score: 9.3 Critical
EPSS: 1.7% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an unauthenticated OS command injection in the smacfilter_conf handler of the commuos web backend of the Shenzhen Aitemi M300 Wi‑Fi Repeater. Unsanitized input from the name, enable, or mac GET parameters is inserted into a sprintf‑built string that is executed via doSystemCmdComlib(), allowing an attacker to run arbitrary shell commands at full root level. This results in full compromise of the device, granting the attacker absolute control.

Affected Systems

The affected product is the Shenzhen Aitemi M300 Wi‑Fi Repeater (hardware model MT02) supplied by Shenzhen Aitemi E Commerce Co. Ltd. No additional vendor or version details are provided in the entry.

Risk and Exploitability

The vulnerability carries a CVSS score of 9.3, indicating critical severity. The EPSS score is not available, and the flaw is not listed in the CISA KEV catalog. Because the web interface is exposed on the local network, a network‑adjacent attacker who can reach the device without authentication can exploit the command injection simply by crafting HTTP GET requests. The attack requires no special privileges beyond network connectivity, making exploitation highly feasible for nearby adversaries. Based on the description, it is inferred that the attacker must have local network access to the device’s web interface to exploit the flaw.

Generated by OpenCVE AI on July 2, 2026 at 12:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor firmware update that patches the command injection flaw.
  • Restrict the device to a secure, isolated VLAN and block external traffic to the web interface using firewall or router rules.
  • Block or disable the protocol.csp endpoint or the specific GET parameters (name, enable, mac) that trigger the vulnerability by configuring a proxy or firewall to filter these requests until an official patch is available.

Generated by OpenCVE AI on July 2, 2026 at 12:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 20:00:00 +0000

Type Values Removed Values Added
Description Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenticated OS command injection vulnerability that allows network-adjacent attackers to execute arbitrary shell commands by injecting unsanitized input through the smacfilter_conf handler in the commuos web backend. Attackers can append semicolon-delimited payloads to the name, enable, or mac GET parameters, which are passed without sanitization into sprintf() to build uci shell commands executed via doSystemCmdComlib(), granting full root-level control of the device.
Title Shenzhen Aitemi M300 MT02 Unauthenticated OS Command Injection via protocol.csp
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-01T19:23:25.177Z

Reserved: 2026-06-30T20:20:33.789Z

Link: CVE-2026-58457

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-02T13:00:03Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')