CVE-2008-4128

Cisco IOS 12.4 - Cross-Site Request Forgery via HTTP Administration Component

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-4128. PoCs published by Jeremy Brown.

AI-analyzed exploit summary This exploit leverages a CSRF vulnerability in Cisco Router HTTP Administration to execute arbitrary commands via a crafted HTML form. The PoC automates the submission of a malicious 'alias exec' command to achieve remote command execution.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Jeremy Brown · htmlremotehardware
https://www.exploit-db.com/exploits/6477

This exploit leverages a CSRF vulnerability in Cisco Router HTTP Administration to execute arbitrary commands via a crafted HTML form. The PoC automates the submission of a malicious 'alias exec' command to achieve remote command execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Cisco Router HTTP Administration (version unspecified)
Auth required
Prerequisites: Target router IP address · Victim with admin privileges and Safari browser · Victim interaction (e.g., visiting malicious page)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Jeremy Brown · htmlremotehardware
https://www.exploit-db.com/exploits/6476

This exploit leverages a CSRF vulnerability in Cisco Router HTTP Administration to execute arbitrary commands. The PoC submits a form to execute 'show privilege' on the target router.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Cisco Router HTTP Administration
No auth needed
Prerequisites: Target router IP address · Victim must visit the malicious webpage
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6476
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45226
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6477
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31218

Scores

EPSS 0.1204
EPSS Percentile 95.6%

Details

CWE
CWE-352
Status published
Products (1)
cisco/ios 12.4
Published Sep 18, 2008
Tracked Since Feb 18, 2026