Used to track research progress on the S3150-8T2F model of switch from FS.com.
Full write up so far: https://github.com/SwiftSecur/S3150-8T2F-FS.com-Research/wiki
The aim of this research was to identify security based issues within a range of switches manufactured by 'FS.COM Innovation LTD'. After working with several of the vendors enterprise level switches a number of quirks were noted within the web GUI administrative interface, CLI and firmware packaging that warranted further inspection under research conditions.
The rationale for the research was to provide security based assurances on the use of the vendor's devices within corporate environments by conducting a series of targeted research projects that focused on the following areas of interest:
- Raw Firmware
- CLI administration interface
- Web based administrative GUI
The target device used for this initial piece of research was a model from the vendors entry level range: S3150-8T2F
The firmware version used for this research was version 2.2.0D Build 118101.
- CVE 2025 25613 - Cleartext Storage of Sensitive Information in a Cookie
- CVE 2025 25612 - timerangelist.asp: Stored Cross Site Scripting
- CVE-2025-25625 - Logo.asp: Reflected Cross Site Scripting
- CVE-2025-66696 - Hard Coded Diagnosis Mode Password
- CVE-2025-66697 - ios.asp: Broken Access Control