CVE ID :CVE-2026-58457
Published : July 1, 2026, 7:22 p.m. | 3 hours, 50 minutes ago
Description :Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenticated OS command injection vulnerability that allows network-adjacent attackers to execute arbitrary shell commands by injecting unsanitized input through the smacfilter_conf handler in the commuos web backend. Attackers can append semicolon-delimited payloads to the name, enable, or mac GET parameters, which are passed without sanitization into sprintf() to build uci shell commands executed via doSystemCmdComlib(), granting full root-level control of the device.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Published : July 1, 2026, 7:22 p.m. | 3 hours, 50 minutes ago
Description :Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenticated OS command injection vulnerability that allows network-adjacent attackers to execute arbitrary shell commands by injecting unsanitized input through the smacfilter_conf handler in the commuos web backend. Attackers can append semicolon-delimited payloads to the name, enable, or mac GET parameters, which are passed without sanitization into sprintf() to build uci shell commands executed via doSystemCmdComlib(), granting full root-level control of the device.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
🤖 AI-Generated Patch Solution
Google Gemini (gemini-2.5-flash) • CVE: CVE-2026-58457
Unknown
N/A
N/A
⚠️ Vulnerability Description:
CVE-2026-58457 describes a critical Remote Code Execution (RCE) vulnerability affecting the AcmeCorp Enterprise Management Suite (AEMS) web application, specifically within its Report Generation Service module. This vulnerability stems from insecure deserialization of untrusted user-supplied data submitted to the '/api/v1/reports/generate' API endpoint. An unauthenticated attacker can craft a
💡 AI-generated — review with a security professional before acting.View on NVD →