Seekswan CVEs & Vulnerabilities

4 CVEs affecting Seekswan products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

zikestor sks8310-8x 4zikestor sks8310-8x firmware 4
CVE-2026-25073MEDIUM

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's browser when the stored value is viewed due to improper output encoding.

7 Mar 2026
5.4
CVSS
CVE-2026-25072CRITICAL

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cookie values and exploit exposed session parameters in URLs to gain unauthorized access to authenticated user sessions.

7 Mar 2026
9.8
CVSS
CVE-2026-25071HIGH

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switch_config.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to retrieve sensitive configuration information including VLAN settings and IP addressing details.

7 Mar 2026
7.5
CVSS
CVE-2026-25070CRITICAL

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through the destIp parameter to achieve remote code execution with root privileges on the network switch.

7 Mar 2026
9.8
CVSS
← PrevPage 1 / 1Next →