CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-25070

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through the destIp parameter to achieve remote code execution with root privileges on the network switch.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 77.0%

CVSS Severity

CVSS v3 Score 9.8

References

https://openwrt.org/toh/xikestor/sks8310-8x?s%5B%5D=xikestor&s%5B%5D=sks8310&s%5B%5D=8x
https://www.aliexpress.com/i/3256808697772710.html

Products affected by CVE-2026-25070

Seekswan » Zikestor Sks8310-8x » Version: N/A

cpe:2.3:h:seekswan:zikestor_sks8310-8x:-
Seekswan » Zikestor Sks8310-8x Firmware » Version: Any

cpe:2.3:o:seekswan:zikestor_sks8310-8x_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25070

Products

Pricing

Contact Us