XikeStor SKS8310-8X Firmware
CVE-2026-25071
Severity: HIGH
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description (CVE.org)
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switch_config.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to retrieve sensitive configuration information including VLAN settings and IP addressing details.
Analysis (AI)
Unauthenticated remote attackers can download sensitive configuration files from XikeStor SKS8310-8X network switches (firmware 1.04.B07 and earlier) via the unprotected /switch_config.src endpoint, exposing VLAN settings and IP addressing details without requiring credentials. This HIGH severity vulnerability (CVSS 7.5) affects the confidentiality of device configurations and currently has no available patch.
Vulnerability Assessment (AI)
| Exploitation | XikeStor SKS8310-8X Network Switch firmware version 1.04.B07 or earlier with the /switch_config.src endpoint accessible on the network. … |
| Risk Assessment | CVSS 7.5 (HIGH). … |
| Exploit Scenario | A remote attacker without authentication could request the /switch_config.src endpoint and download the device configuration file. |
| Remediation | Monitor vendor advisories for a patch. … |
Recommended Action (AI)
Within 24 hours: Inventory all XikeStor SKS8310-8X switches and identify those running firmware 1.04.B07 or earlier; immediately restrict network access to the /switch_config.src endpoint via firewall rules to trusted management interfaces only. …