QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-25071

Back to search

CVE-2026-25071

Published: Mar 7, 2026

Modified: May 11, 2026

PUBLISHED

Description

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switch_config.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to retrieve sensitive configuration information including VLAN settings and IP addressing details.

VendorProductVersions

Anhui Seeker Electronic Technology Co., LTD.

XikeStor SKS8310-8X

affected
0 - <= 1.04.B07

Weaknesses (CWE)

CWE-306

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now