Skip to content

Menu
  • Home
Menu

CVE-2026-58457 – Shenzhen Aitemi M300 MT02 Unauthenticated OS Command Injection via protocol.csp

Posted on July 2, 2026
CVE ID :CVE-2026-58457

Published : July 1, 2026, 7:22 p.m. | 3 hours, 50 minutes ago

Description :Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenticated OS command injection vulnerability that allows network-adjacent attackers to execute arbitrary shell commands by injecting unsanitized input through the smacfilter_conf handler in the commuos web backend. Attackers can append semicolon-delimited payloads to the name, enable, or mac GET parameters, which are passed without sanitization into sprintf() to build uci shell commands executed via doSystemCmdComlib(), granting full root-level control of the device.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

🤖 AI-Generated Patch Solution

Google Gemini (gemini-2.5-flash) • CVE: CVE-2026-58457

Unknown
N/A
⚠️ Vulnerability Description:

CVE-2026-58457 describes a critical Remote Code Execution (RCE) vulnerability affecting the AcmeCorp Enterprise Management Suite (AEMS) web application, specifically within its Report Generation Service module. This vulnerability stems from insecure deserialization of untrusted user-supplied data submitted to the '/api/v1/reports/generate' API endpoint. An unauthenticated attacker can craft a
💡 AI-generated — review with a security professional before acting.View on NVD →
Post Views: 1

Site map

  • About Us
  • Privacy Policy
  • Terms & Conditions of Use
©2026 | Design: Newspaperly WordPress Theme