{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/m300-wi-fi-repeater-hardware-model-mt02/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["M300 Wi-Fi Repeater (hardware model MT02)","M300 Wi-Fi Repeater","MT02"],"_cs_severities":["critical"],"_cs_tags":["network","command-injection","vulnerability","firmware","iot"],"_cs_type":"advisory","_cs_vendors":["Shenzhen Aitemi"],"content_html":"\u003cp\u003eThe National Vulnerability Database (NVD) has disclosed CVE-2026-58457, an unauthenticated OS command injection vulnerability affecting the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). This critical flaw allows network-adjacent attackers to achieve full root-level control over the device. Attackers can leverage the \u003ccode\u003esmacfilter_conf\u003c/code\u003e handler in the \u003ccode\u003ecommuos\u003c/code\u003e web backend by injecting unsanitized input into the 'name', 'enable', or 'mac' GET parameters. This vulnerability stems from the device's firmware improperly handling user-supplied data, passing it directly to \u003ccode\u003esprintf()\u003c/code\u003e and then executing it via \u003ccode\u003edoSystemCmdComlib()\u003c/code\u003e, making these devices highly susceptible to compromise without authentication.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies an internet-facing or network-adjacent Shenzhen Aitemi M300 Wi-Fi Repeater.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP GET request targeting the \u003ccode\u003e/commuos/smacfilter_conf\u003c/code\u003e handler in the device's web backend.\u003c/li\u003e\n\u003cli\u003eThe request includes a payload appended with semicolon-delimited OS commands within the 'name', 'enable', or 'mac' GET parameters (e.g., \u003ccode\u003e?name=test;id\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003ecommuos\u003c/code\u003e web backend receives the request and processes the injected parameters without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe unsanitized input, including the attacker's OS command, is concatenated into a command string using \u003ccode\u003esprintf()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003edoSystemCmdComlib()\u003c/code\u003e function executes the malformed command string with root privileges on the device's underlying operating system.\u003c/li\u003e\n\u003cli\u003eAttacker gains full root-level control over the Shenzhen Aitemi M300 Wi-Fi Repeater.\u003c/li\u003e\n\u003cli\u003eAttacker can then perform actions such as installing backdoors, modifying network configurations, or launching further attacks from the compromised device.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eA successful exploitation of CVE-2026-58457 grants network-adjacent attackers unauthenticated, full root-level control over the Shenzhen Aitemi M300 Wi-Fi Repeater. This level of access allows attackers to completely compromise the device, potentially reconfiguring it for malicious purposes, intercepting network traffic, launching denial-of-service attacks, or establishing a foothold within the victim's network. Given the nature of Wi-Fi repeaters, compromised devices could become an entry point for lateral movement or data exfiltration from connected devices on the network, posing a significant risk to data confidentiality, integrity, and availability for home and small office networks.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the vendor-provided firmware update for Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) that addresses CVE-2026-58457 immediately.\u003c/li\u003e\n\u003cli\u003eDeploy the \u003ccode\u003eDetects CVE-2026-58457 Exploitation — Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection\u003c/code\u003e Sigma rule provided in this brief to your SIEM.\u003c/li\u003e\n\u003cli\u003eEnsure webserver access logs are enabled and forwarded to your SIEM for all internet-facing network devices to facilitate detection of exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-17T00:01:18Z","date_published":"2026-07-01T20:26:19Z","id":"https://feed.craftedsignal.io/briefs/2026-07-shenzhen-aitemi-m300-os-cmd-injection/","summary":"An unauthenticated OS command injection vulnerability, CVE-2026-58457, exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02), allowing network-adjacent attackers to execute arbitrary shell commands and gain full root-level control by injecting unsanitized input into the `smacfilter_conf` handler's GET parameters within the `commuos` web backend.","title":"CVE-2026-58457: Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated OS Command Injection","url":"https://feed.craftedsignal.io/briefs/2026-07-shenzhen-aitemi-m300-os-cmd-injection/"}],"language":"en","title":"CraftedSignal Threat Feed - M300 Wi-Fi Repeater (Hardware Model MT02)","version":"https://jsonfeed.org/version/1.1"}