Description
SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.
Published: 2026-04-20
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A stack-based buffer overflow occurs when the device processes redirect URLs, allowing an attacker to inject and execute arbitrary code with the device’s privileges. The flaw stems from improper bounds checking, and exploitation grants full control over the device, compromising confidentiality, integrity, and availability. Based on the description, any external source that can submit a crafted redirect URL may trigger the overflow.

Affected Systems

Silex Technology, Inc. products AMC Manager and SD-330AC are affected. No specific version information was provided, so all current releases of these products are considered vulnerable.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. While EPSS data is not available, a stack-based buffer overflow enabling remote code execution suggests a realistic likelihood of exploitation if an attacker can contact the device. The vulnerability is not listed in CISA’s KEV catalog. The most probable attack path involves sending a malicious redirect URL from an external host to the device’s management interface, leading to arbitrary code execution.

Generated by OpenCVE AI on April 20, 2026 at 05:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the firmware or software patch released by Silex for AMC Manager and SD-330AC as documented in the cited security advisory.
  • If a patch is not yet available, isolate the devices from untrusted networks or restrict management traffic to only permitted hosts.
  • As a temporary workaround, disable or restrict redirect URL support on the devices by disabling the feature through configuration or by implementing firewall rules to block incoming redirect requests.
  • Monitor device logs for unusual redirect URL usage and configure alerts for potential exploitation attempts.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 15:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Silextechnology; Silextechnology amc Manager; Silextechnology sd-330ac
Vendors & Products | | Silextechnology; Silextechnology amc Manager; Silextechnology sd-330ac

Mon, 20 Apr 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 20 Apr 2026 05:45:00 +0000

Type | Values Removed | Values Added
Title | | Stack-based Buffer Overflow in Redirect URL Processing Allowing Arbitrary Code Execution

Mon, 20 Apr 2026 04:00:00 +0000

Type | Values Removed | Values Added
Description | | SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.
Weaknesses | | CWE-121
References | |
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-04-20T13:36:04.747Z

Reserved: 2026-03-17T00:23:24.980Z

Link: CVE-2026-32955

Vulnrichment

Updated: 2026-04-20T13:32:22.664Z

NVD

Status: Awaiting Analysis

Published: 2026-04-20T04:16:29.113

Modified: 2026-04-20T19:05:30.750

Link: CVE-2026-32955

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T14:58:13Z
