EIP-2026-118361

PRE-CVE

CiscoKits 1.0 - TFTP Server Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118361. PoCs published by SecPod Research.

AI-analyzed exploit summary This Python script exploits a directory traversal vulnerability in CiscoKits TFTP Server by sending a crafted TFTP read request to retrieve arbitrary files (e.g., win.ini) from the target system. The exploit leverages UDP socket communication to send the malicious payload and display the retrieved file contents.

Description

CiscoKits 1.0 - TFTP Server Directory Traversal

Exploits (1)

exploitdb WORKING POC VERIFIED

by SecPod Research · pythonremotewindows

https://www.exploit-db.com/exploits/17619

View Code ZIP pw:eip

This Python script exploits a directory traversal vulnerability in CiscoKits TFTP Server by sending a crafted TFTP read request to retrieve arbitrary files (e.g., win.ini) from the target system. The exploit leverages UDP socket communication to send the malicious payload and display the retrieved file contents.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: CiscoKits CCNA TFTP Server 1.0.0.0

No auth needed

Prerequisites: Network access to the target TFTP server (UDP port 69)

MITRE ATT&CK

T1005 - Data from Local System T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026