Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
XikeStor SKS8310-8X Switch Firmware Missing Authentication
CVE-2026-25071
Summary
Old firmware versions of XikeStor SKS8310-8X network switches allow hackers to access sensitive information without a password. This means an attacker could get access to your switch's configuration details, like how it's set up and what IP addresses are used. Update your firmware to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| seekswan | zikestor_sks8310-8x_firmware | <= 1.04.b07 | – |
Original title
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switch_config.src endpoint that allows unauthenticated remote attacker...
Original description
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switch_config.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to retrieve sensitive configuration information including VLAN settings and IP addressing details.
nvd CVSS4.0
8.7
Vulnerability type
CWE-306
Missing Authentication for Critical Function
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026