cbcvebase.

Anhui Seeker Electronic Technology Co Ltd Xikestor Sks8310-8X vulnerabilities

4 known vulnerabilities affecting anhui_seeker_electronic_technology_co_ltd/xikestor_sks8310-8x.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2026-25070P1CRITICALCVSS 9.8≤ 1.04.B072026-03-07
CVE-2026-25070 [CRITICAL] CWE-78 CVE-2026-25070: XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command inject XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through the destIp parameter to achieve remote code execution w
nvd
CVE-2026-25072P2CRITICALCVSS 9.8≤ 1.04.B072026-03-07
CVE-2026-25072 [CRITICAL] CWE-330 CVE-2026-25072: XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable sessio XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cookie values and exploit exposed session parameters in
nvd
CVE-2026-25071P3HIGHCVSS 7.5≤ 1.04.B072026-03-07
CVE-2026-25071 [HIGH] CWE-306 CVE-2026-25071: XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentica XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switch_config.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to retrieve sensitive configuration information including V
nvd
CVE-2026-25073P4MEDIUMCVSS 5.4≤ 1.04.B072026-03-07
CVE-2026-25073 [MEDIUM] CWE-79 CVE-2026-25073: XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's browser when the stored value is viewed due to improper outpu
nvd
Anhui Seeker Electronic Technology Co Ltd Xikestor Sks8310-8X vulnerabilities | cvebase