diff --git a/RaspAP/CVE-2021-33357/CVE-2021-33357.gif b/RaspAP/CVE-2021-33357/CVE-2021-33357.gif new file mode 100644 index 0000000..1cac3c1 Binary files /dev/null and b/RaspAP/CVE-2021-33357/CVE-2021-33357.gif differ diff --git a/RaspAP/CVE-2021-33357/README.md b/RaspAP/CVE-2021-33357/README.md new file mode 100644 index 0000000..51d17a5 --- /dev/null +++ b/RaspAP/CVE-2021-33357/README.md @@ -0,0 +1,10 @@ + +# RaspAP Operating System Command Injection Vulnerability (CVE-2021-33357) + +RaspAP is an application software for simple wireless AP setup and management for Debian based devicesThere is an operating system command injection vulnerability in RaspAP, which stems from improper filtering of special characters such as \";\" in the \"iface\" parameter in RaspAP versions 2.6 to 2.6.5. An attacker can use this vulnerability to execute arbitrary operating system commands. + +FOFA **query rule**: [header="RaspAP"|| banner="RaspAP"](https://fofa.info/result?qbase64=aGVhZGVyPSJSYXNwQVAifHwgYmFubmVyPSJSYXNwQVAi) + +# Demo + +![CVE-2021-33357](CVE-2021-33357.gif)
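Review bot: the description paragraph in README.md runs two sentences together at "Debian based devicesThere is" (a period and a space are missing), and the backslash-escaped quotes around \";\" and \"iface\" are unnecessary in Markdown; putting the character and the parameter name in inline code would read better. The same paragraph states the affected range (versions 2.6 to 2.6.5) but gives no fixed version, upgrade guidance or link to the upstream advisory, so an operator who recognizes their device from the FOFA query has no remediation path from this page; a short remediation section with a reference would close that gap. In the Demo section the image carries only the CVE id as alt text, and a one-line description of what the GIF shows would help readers who cannot view it.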