Xikestor Sks8310 8X
Approved changes feed: RSS · Atom
cpe:2.3:a:anhui_seeker_electronic_technology_co.,_ltd.:xikestor_sks8310-8x:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Anhui Seeker Electronic Technology Co., Ltd. (b38dd311-693f-5963-ae6d-79d1445e8839) |
|---|---|
| Product | Xikestor Sks8310 8X (6986afd3-28e9-5685-89e4-0e8ff17478d1) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-25073 |
vulnerable | 2026-06-08 07:53:18.926098 |
XikeStor SKS8310-8X Stored XSS via System Name
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's browser when the stored value is viewed due to improper output encoding.
Published: 2026-03-07T00:20:06.528Z
Updated: 2026-05-11T23:11:08.245Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-25072 |
vulnerable | 2026-06-08 07:53:18.925521 |
XikeStor SKS8310-8X Predictable Session Identifiers
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cookie values and exploit exposed session parameters in URLs to gain unauthorized access to authenticated user sessions.
Published: 2026-03-07T00:20:05.765Z
Updated: 2026-05-11T23:11:07.580Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-25071 |
vulnerable | 2026-06-08 07:53:18.924867 |
XikeStor SKS8310-8X switch_config.src Missing Authentication
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switch_config.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to retrieve sensitive configuration information including VLAN settings and IP addressing details.
Published: 2026-03-07T00:20:04.719Z
Updated: 2026-05-11T23:11:06.812Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-25070 |
vulnerable | 2026-06-08 07:53:18.922843 |
XikeStor SKS8310-8X PingTestSet Command Injection
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through the destIp parameter to achieve remote code execution with root privileges on the network switch.
Published: 2026-03-07T00:20:03.359Z
Updated: 2026-05-11T23:11:05.962Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.