Zikestor Sks8310 8x Firmware
Monthly
Stored cross-site scripting in Zikestor SKS8310-8X firmware versions 1.04.B07 and earlier allows authenticated users to inject malicious scripts via the System Name field, which execute when other administrators view the configuration. The lack of proper output encoding enables attackers with login credentials to compromise the security of administrative sessions viewing the affected switch settings.
Predictable session identifier generation in XikeStor SKS8310-8X network switch allows session hijacking even if the command injection (CVE-2026-25070) is patched.
Unauthenticated remote attackers can download sensitive configuration files from ZikeStor SKS8310-8X network switches (firmware 1.04.B07 and earlier) via an unprotected /switch_config.src endpoint, exposing VLAN settings and IP addressing details without requiring credentials. This HIGH severity vulnerability (CVSS 7.5) affects confidentiality of device configurations and currently has no available patch.
OS command injection in XikeStor SKS8310-8X network switch firmware 1.04.B07 and prior via management interface. Unauthenticated RCE on network infrastructure.
Stored cross-site scripting in Zikestor SKS8310-8X firmware versions 1.04.B07 and earlier allows authenticated users to inject malicious scripts via the System Name field, which execute when other administrators view the configuration. The lack of proper output encoding enables attackers with login credentials to compromise the security of administrative sessions viewing the affected switch settings.
Predictable session identifier generation in XikeStor SKS8310-8X network switch allows session hijacking even if the command injection (CVE-2026-25070) is patched.
Unauthenticated remote attackers can download sensitive configuration files from ZikeStor SKS8310-8X network switches (firmware 1.04.B07 and earlier) via an unprotected /switch_config.src endpoint, exposing VLAN settings and IP addressing details without requiring credentials. This HIGH severity vulnerability (CVSS 7.5) affects confidentiality of device configurations and currently has no available patch.
OS command injection in XikeStor SKS8310-8X network switch firmware 1.04.B07 and prior via management interface. Unauthenticated RCE on network infrastructure.