CVE-2026-25073

Summary: CVE-2026-25073 affects XikeStor SKS8310-8X Network Switch firmware prior to 1.04.B07. A stored cross-site scripting vulnerability exists in the System Name field due to improper output encoding, allowing authenticated attackers to inject and execute scripts in a victim’s browser when the...

CVE-2026-25072

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...

CVE-2026-25070

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

PT-2026-23782

Name of the Vulnerable Software and Affected Versions XikeStor SKS8310-8X Network Switch versions prior to 1.04.B07 Description The XikeStor SKS8310-8X Network Switch firmware contains a missing authentication issue. An unauthenticated attacker can access the /switch config.src API endpoint to...