{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-02T04:41:55.174","vulnerabilities":[{"cve":{"id":"CVE-2026-25071","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-03-07T01:15:58.083","lastModified":"2026-06-17T10:24:04.733","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switch_config.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to retrieve sensitive configuration information including VLAN settings and IP addressing details."},{"lang":"es","value":"Las versiones de firmware 1.04.B07 y anteriores del switch de red XikeStor SKS8310-8X contienen una vulnerabilidad de autenticación faltante en el endpoint /switch_config.src que permite a atacantes remotos no autenticados descargar archivos de configuración del dispositivo. Los atacantes pueden acceder a este endpoint sin credenciales para recuperar información de configuración sensible, incluyendo la configuración de VLAN y detalles de direccionamiento IP."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Anhui Seeker Electronic Technology Co., LTD.","product":"XikeStor SKS8310-8X","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"1.04.B07","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-10T17:44:36.159776Z","id":"CVE-2026-25071","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:seekswan:zikestor_sks8310-8x_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.04.b07","matchCriteriaId":"428F1B0B-87A7-43BB-B927-B9FCCF7DF783"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:seekswan:zikestor_sks8310-8x:-:*:*:*:*:*:*:*","matchCriteriaId":"5A40072B-67E8-4D29-AC3A-D2BEF0DAF847"}]}]}],"references":[{"url":"https://openwrt.org/toh/xikestor/sks8310-8x?s%5B%5D=xikestor&s%5B%5D=sks8310&s%5B%5D=8x","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"https://www.aliexpress.com/i/3256808697772710.html","source":"disclosure@vulncheck.com","tags":["Product"]}]}}]}