Skip to main content

M300 Wi Fi Repeater

1 CVEs product

Monthly

CVE-2026-58457 CRITICAL POC Act Now

Unauthenticated OS command injection in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) lets network-adjacent attackers run arbitrary shell commands as root through the smacfilter_conf handler in the commuos web backend. Publicly available exploit code exists (published by VulnCheck/IEATASICS), and successful exploitation grants full device takeover; the flaw carries a CVSS 4.0 base score of 9.3 but is reachable only by attackers adjacent to the device's network. No public exploit is listed in CISA KEV, so this is proof-of-concept exposure rather than confirmed active exploitation.

Command Injection M300 Wi Fi Repeater
NVD GitHub
CVSS 4.0
9.3
EPSS
1.7%
EPSS 2% CVSS 9.3
CRITICAL POC Act Now

Unauthenticated OS command injection in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) lets network-adjacent attackers run arbitrary shell commands as root through the smacfilter_conf handler in the commuos web backend. Publicly available exploit code exists (published by VulnCheck/IEATASICS), and successful exploitation grants full device takeover; the flaw carries a CVSS 4.0 base score of 9.3 but is reachable only by attackers adjacent to the device's network. No public exploit is listed in CISA KEV, so this is proof-of-concept exposure rather than confirmed active exploitation.

Command Injection M300 Wi Fi Repeater
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy