Introduction Initial Technical Limitations Tested Payloads Bind Shell Deployment Additional Injection Points New Injection Primitive via time_conf (CVE-2025-34152) Introduction Contextual recap of the initial discovery In early August 2025, I stumbled on a surprisingly easy bug in a €5 Shenzhen Aitemi M300 Wi-Fi Repeater (model MT02). While joking with friends over how cheap IoT devices must be full of holes, I typed $(id) into the SSID field on its Extender setup page.
