QwikSec

Security Database

CVE

CWE

Training

CVE-2026-25072

Published: Mar 7, 2026

Modified: May 11, 2026

PUBLISHED

Description

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cookie values and exploit exposed session parameters in URLs to gain unauthorized access to authenticated user sessions.

Vendor	Product	Versions
Anhui Seeker Electronic Technology Co., LTD.	XikeStor SKS8310-8X	affected `0 - <= 1.04.B07`

Weaknesses (CWE)

References

https://www.aliexpress.com/i/3256808697772710.html

product

https://openwrt.org/toh/xikestor/sks8310-8x?s%5B%5D=xikestor&s%5B%5D=sks8310&s%5B%5D=8x

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.