External risk intelligence

Aitemi M300 Wi-Fi Repeater Command Injection

CVE advisorySeverity: CRITICAL (CVSS 9.3)

CVE-2026-58457

The device is a Wi-Fi repeater, which operates at the network edge but is typically restricted to local network segments rather than being directly exposed to the public internet. While it includes a web-based management interface, such interfaces on consumer network hardware are generally designed for local access and are not intended to be reachable from the public internet.

OS Command Injection

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability has been identified in Shenzhen Aitemi M300 Wi-Fi repeaters that could allow unauthorized individuals to take full control of the device. This issue stems from how the device handles input through its web backend, potentially enabling the execution of malicious commands. The main concern is confirming if this specific hardware is in use within our environment.

  • Unauthenticated command injection on Wi-Fi repeaters.
  • Potential for full device compromise and control.
  • Verify device presence and assess potential exposure.

Attack Path

How an attacker could exploit the issue

Attackers can exploit this vulnerability by sending specially crafted network requests to the Wi-Fi repeater's web interface. No authentication is needed for this, allowing an attacker to inject malicious commands that are then executed by the device. This can lead to full control of the device, including its operating system.

  • Entry: Network-adjacent access required.
  • Trigger: Sending unsanitized input to specific parameters.
  • Risk: Full root-level control of the device.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow unauthenticated attackers on the local network to execute arbitrary commands on the Shenzhen Aitemi M300 Wi-Fi Repeater, potentially leading to full control of the device. This could occur when an attacker sends specially crafted input through the web backend's `smacfilter_conf` handler.

  • Device control.
  • Injecting unsanitized input.
  • Full root-level control of the device.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in a Shenzhen Aitemi Wi-Fi repeater likely falls under the responsibility of teams managing network infrastructure or IoT devices, potentially including a dedicated IoT security team. The first practical step is to identify all deployed M300 devices, confirm their network accessibility, and ascertain their criticality to business operations to prioritize remediation efforts.

  • Network or IoT teams should own this.
  • Verify device exposure and criticality.
  • Plan targeted remediation or isolation.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the Shenzhen Aitemi M300 Wi-Fi Repeater?

The Shenzhen Aitemi M300 (model MT02) is a networking device designed to extend the range of a wireless signal. Users deploy these repeaters to eliminate Wi-Fi dead zones in homes or offices by capturing an existing signal and rebroadcasting it. Because they function as network infrastructure, they include a web-based management interface that allows administrators to configure settings and monitor connectivity.

What does OS command injection mean for CVE-2026-58457?

This vulnerability is an OS command injection, classified as CWE-78. It means the repeater's web software fails to clean user-provided data before passing it to the underlying system. Because the device executes these inputs as shell commands, an attacker can manipulate the system into running unauthorized instructions with root privileges, effectively taking full control of the device's operating system.

How do attackers trigger this vulnerability?

An attacker triggers this by sending specially crafted web requests to the device's smacfilter_conf backend handler. By inserting semicolon-delimited code into specific parameters—name, enable, or mac—the attacker tricks the system into executing their commands. The flaw does not trigger if the device is not reachable, nor can it be triggered by someone entirely outside the local network segment.

Is my device at risk based on Halo Surface Signal?

Halo Surface Signal indicates that while these devices contain a management interface, they are typically designed for local network access and are unlikely to be directly exposed to the public internet. Therefore, the risk is usually limited to attackers already positioned on your local network segment who can reach the device's administrative web interface.

What should I do if I have these repeaters?

First, perform an inventory to identify if any M300 devices are deployed in your environment. Confirm their current network configuration and whether they are accessible to unauthorized users. Prioritize these devices by their criticality to your operations and evaluate whether they can be isolated from sensitive segments or if they should be replaced to mitigate the risk of full device compromise.

References