.. / CVE-2021-35395

Exploit for RealTek Jungle SDK - Arbitrary Command Injection (CVE-2021-35395)

Description:

There is a command injection vulnerability on the “formWsc” page of the management interface. Successful exploitation of this vulnerability could lead to remote code execution and compromise of the affected system.

Nuclei Template

View the template here CVE-2021-35395.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-35395.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-35395
https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf
https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en
https://github.com/Knighthana/YABWF
https://blogs.juniper.net/en-us/threat-research/attacks-continue-against-realtek-vulnerabilities

.. / CVE-2021-35395 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for RealTek Jungle SDK - Arbitrary Command Injection (CVE-2021-35395)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-35395