CVE-2026-25070

Critical CVSS: 9.3

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through the destIp parameter to achieve remote code execution with root privileges on the network switch.

Vendor

Seekswan

Product

Zikestor Sks8310-8x Firmware

CWE

CWE-78

Yayın Tarihi

2026-03-07 01:15:57

Güncelleme

2026-03-12 15:11:20

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-78 Zikestor Sks8310-8x Firmware CRITICAL Seekswan 2026

Referanslar

https://openwrt.org/toh/xikestor/sks8310-8x?s%5B%5D=xikestor&s%5B%5D=sks8310&s%5B%5D=8x https://www.aliexpress.com/i/3256808697772710.html

Benzer Kayıtlar

High

CVE-2026-25071

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability i…

High

CVE-2026-25072

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnera…

Medium

CVE-2026-25073

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerabil…