PT-2026-23781 · Xikestor · Xikestor Sks8310-8X Network Switch

Vulncheck · Published 2026-03-07 · Updated 2026-03-12 · CVE-2026-25070

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: XikeStor SKS8310-8X Network Switch versions prior to 1.04.B07

Description: The XikeStor SKS8310-8X Network Switch contains an OS command injection issue in the /goform/PingTestSet API endpoint. Unauthenticated remote attackers can execute arbitrary operating system commands with root privileges on the network switch. Attackers can inject malicious commands through the destIp parameter to achieve remote code execution. This allows for potential use as a pivot point for lateral movement within a network.

Recommendations: Versions prior to 1.04.B07 should be updated.

Fix · RCE · OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-25070

Affected Products

Xikestor Sks8310-8X Network Switch