8.6
XikeStor SKS8310-8X Firmware Allows Remote Session Hijacking
CVE-2026-25072
Summary
The XikeStor SKS8310-8X Network Switch firmware uses predictable session identifiers, which lets remote attackers hijack authenticated users' sessions. A hijacked session could give them access to sensitive information or let them make changes to the system without permission. Update your firmware once the vendor releases a fixed version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| seekswan | zikestor_sks8310-8x_firmware | <= 1.04.b07 | – |
Original title
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijac...
Original description
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cookie values and exploit exposed session parameters in URLs to gain unauthorized access to authenticated user sessions.
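The two weaknesses named in the description (insufficiently random cookie values and session parameters exposed in URLs) have a standard remedy, sketched here as an added example that is not the vendor's code. It assumes a POSIX system with /dev/urandom; the cookie name `session` and all function names are hypothetical, and `Secure` should be added to the cookie when the interface is served over HTTPS.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define SID_BYTES 16                  /* 128 bits from the kernel CSPRNG */
#define SID_HEX_LEN (SID_BYTES * 2)

/* Fill out[] with a hex session ID. Returns 0 on success, -1 on failure
 * (the caller must refuse the login rather than fall back to rand()). */
int new_session_id(char out[SID_HEX_LEN + 1])
{
    unsigned char raw[SID_BYTES];
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(raw, 1, sizeof raw, f);
    fclose(f);
    if (got != sizeof raw)
        return -1;
    for (size_t i = 0; i < sizeof raw; i++)
        snprintf(out + 2 * i, 3, "%02x", raw[i]);
    return 0;
}

/* Constant-time comparison so lookup timing does not leak ID prefixes. */
int session_id_equal(const char *a, const char *b)
{
    if (strlen(a) != SID_HEX_LEN || strlen(b) != SID_HEX_LEN)
        return 0;
    unsigned char diff = 0;
    for (size_t i = 0; i < SID_HEX_LEN; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Deliver the ID only in a cookie (hypothetical name), never in a URL. */
int session_cookie(char *buf, size_t len, const char *sid)
{
    int n = snprintf(buf, len,
        "Set-Cookie: session=%s; Path=/; HttpOnly; SameSite=Strict", sid);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

int main(void)
{
    char sid[SID_HEX_LEN + 1], hdr[128];
    if (new_session_id(sid) != 0 || session_cookie(hdr, sizeof hdr, sid) != 0)
        return 1;
    puts(hdr);
    return 0;
}
```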
nvd CVSS4.0
8.6
Vulnerability type
CWE-330
Use of Insufficiently Random Values
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026