Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
XikeStor SKS8310-8X Network Switch: Remote Code Execution via Malicious Ping Request
CVE-2026-25070
Summary
The XikeStor SKS8310-8X Network Switch has a security weakness that makes it possible for an attacker to run unauthorized commands on the switch by sending a specially crafted ping request. This could allow an attacker to gain control of the switch. Update the firmware to a version later than 1.04.B07 to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| seekswan | zikestor_sks8310-8x_firmware | <= 1.04.b07 | – |
Original title
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attacker...
Original description
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through the destIp parameter to achieve remote code execution with root privileges on the network switch.
nvd CVSS4.0
9.3
Vulnerability type
CWE-78
OS Command Injection
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026