CVE-2026-25071
Received Received - Intake
Missing Authentication Allows Remote Config Download in XikeStor SKS8310-8X

Publication date: 2026-03-07

Last updated on: 2026-03-12

Assigner: VulnCheck

Description
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switch_config.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to retrieve sensitive configuration information including VLAN settings and IP addressing details.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-07
Last Modified
2026-03-12
Generated
2026-06-16
AI Q&A
2026-03-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25071
EUVD
EUVD-2026-10093
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
seekswan zikestor_sks8310-8x_firmware to 1.04.b07 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and earlier. It is a missing authentication flaw in the /switch_config.src endpoint, which allows unauthenticated remote attackers to download the device's configuration files.

Because there is no authentication required, attackers can access this endpoint without any credentials and retrieve sensitive configuration information such as VLAN settings and IP addressing details.

Impact Analysis

This vulnerability can have a significant impact because it allows attackers to remotely obtain sensitive network configuration details without any authentication.

  • Attackers can gain insight into VLAN configurations, which could be used to map the network structure.
  • IP addressing details can be exposed, potentially aiding further attacks such as network intrusion or lateral movement.
  • The exposure of configuration files could lead to unauthorized access or manipulation of the network switch.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25071. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart