diff --git a/http/cves/2022/CVE-2022-48164.yaml b/http/cves/2022/CVE-2022-48164.yaml
index d0de6f39e2..cf3f1e26af 100644
--- a/http/cves/2022/CVE-2022-48164.yaml
+++ b/http/cves/2022/CVE-2022-48164.yaml
@@ -24,7 +24,19 @@ info:
     fofa-query: body="WN533A8"
   tags: cve,cve2022,wavlink,exposure,wn533a8
 
+flow: http(1) && http(2)
+
 http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains(body, "WN533A8")'
+        internal: true
+
   - method: GET
     path:
       - "{{BaseURL}}/cgi-bin/ExportLogs.sh"