<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>M300 Wi-Fi Repeater (Hardware Model MT02) - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/m300-wi-fi-repeater-hardware-model-mt02/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 01 Jul 2026 20:26:19 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/m300-wi-fi-repeater-hardware-model-mt02/feed.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2026-58457: Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated OS Command Injection</title><link>https://feed.craftedsignal.io/briefs/2026-07-shenzhen-aitemi-m300-os-cmd-injection/</link><pubDate>Wed, 01 Jul 2026 20:26:19 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-shenzhen-aitemi-m300-os-cmd-injection/</guid><description>An unauthenticated OS command injection vulnerability, CVE-2026-58457, exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02), allowing network-adjacent attackers to execute arbitrary shell commands and gain full root-level control by injecting unsanitized input into the `smacfilter_conf` handler's GET parameters within the `commuos` web backend.</description><content:encoded><![CDATA[<p>The National Vulnerability Database (NVD) has disclosed CVE-2026-58457, an unauthenticated OS command injection vulnerability affecting the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). This critical flaw allows network-adjacent attackers to achieve full root-level control over the device. Attackers can leverage the <code>smacfilter_conf</code> handler in the <code>commuos</code> web backend by injecting unsanitized input into the 'name', 'enable', or 'mac' GET parameters. This vulnerability stems from the device's firmware improperly handling user-supplied data, passing it directly to <code>sprintf()</code> and then executing it via <code>doSystemCmdComlib()</code>, making these devices highly susceptible to compromise without authentication.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker identifies an internet-facing or network-adjacent Shenzhen Aitemi M300 Wi-Fi Repeater.</li>
<li>Attacker crafts a malicious HTTP GET request targeting the <code>/commuos/smacfilter_conf</code> handler in the device's web backend.</li>
<li>The request includes a payload appended with semicolon-delimited OS commands within the 'name', 'enable', or 'mac' GET parameters (e.g., <code>?name=test;id</code>).</li>
<li>The vulnerable <code>commuos</code> web backend receives the request and processes the injected parameters without proper sanitization.</li>
<li>The unsanitized input, including the attacker's OS command, is concatenated into a command string using <code>sprintf()</code>.</li>
<li>The <code>doSystemCmdComlib()</code> function executes the malformed command string with root privileges on the device's underlying operating system.</li>
<li>Attacker gains full root-level control over the Shenzhen Aitemi M300 Wi-Fi Repeater.</li>
<li>Attacker can then perform actions such as installing backdoors, modifying network configurations, or launching further attacks from the compromised device.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>A successful exploitation of CVE-2026-58457 grants network-adjacent attackers unauthenticated, full root-level control over the Shenzhen Aitemi M300 Wi-Fi Repeater. This level of access allows attackers to completely compromise the device, potentially reconfiguring it for malicious purposes, intercepting network traffic, launching denial-of-service attacks, or establishing a foothold within the victim's network. Given the nature of Wi-Fi repeaters, compromised devices could become an entry point for lateral movement or data exfiltration from connected devices on the network, posing a significant risk to data confidentiality, integrity, and availability for home and small office networks.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Apply the vendor-provided firmware update for Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) that addresses CVE-2026-58457 immediately.</li>
<li>Deploy the <code>Detects CVE-2026-58457 Exploitation — Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection</code> Sigma rule provided in this brief to your SIEM.</li>
<li>Ensure webserver access logs are enabled and forwarded to your SIEM for all internet-facing network devices to facilitate detection of exploitation attempts.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>network</category><category>command-injection</category><category>vulnerability</category><category>firmware</category><category>iot</category></item></channel></rss>