CVE-2008-4128 is a multiple cross-site request forgery vulnerability in the HTTP Administration component of Cisco IOS 12.4 on Cisco 871 Integrated Services Routers. The flaw allows a remote attacker to cause an authenticated administrator's browser to submit crafted requests to the router’s web management interface, resulting in execution of arbitrary IOS commands. Reported exploitation paths include requests that invoke privilege-related and configuration-related commands through the HTTP administration interface. Successful exploitation can alter device behavior and compromise administrative control of the router.
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
What an attacker gets, and what they’ve been doing with it.
If you can’t patch tonight, do this now.
Patch, then assume compromise.
No valid public exploits. Mallory filtered out 1 candidate as fakes, detection scripts, or README-only repos.
All candidate exploits were filtered out by Mallory's validation.
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
16 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A Cisco IOS 12.4 HTTP Administration interface vulnerability on Cisco 871 Integrated Services Routers involving multiple CSRF flaws that can let a remote attacker trick an authenticated administrator into executing arbitrary privilege-related and configuration commands.
An older Cisco device vulnerability that the advisory says was exploited by Russian FSB Center 16 operators against networking devices.
A known Cisco networking-device vulnerability that the advisory says the actors exploited to gain access to devices.
A Cisco IOS HTTP Administration component vulnerability involving multiple cross-site request forgery issues that can let a remote attacker trick an authenticated administrator into executing arbitrary commands or changing router configuration via the web management interface.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.