Description
SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.
Published: 2026-04-20
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: Remote Code Execution
Action: Patch Now
AI Analysis

Impact

An overflow occurs in the device’s heap when it processes redirect URLs, which provides a path for an attacker to inject arbitrary code and execute it with the device’s privileges. Based on the description, it is inferred that an attacker can craft a malicious redirect URL that triggers the buffer overflow and runs arbitrary code. The flaw is a classic heap‑based buffer overflow identified as CWE‑122, and the impact is the potential for full compromise of the device.

Affected Systems

The vulnerability affects Silex Technology, Inc.’s AMC Manager and SD‑330AC products. No specific version numbers are listed, so all releases that contain the redirect‑URL handling routine may be impacted until a fix is applied.

Risk and Exploitability

The CVSS score of 9.3 places the issue in the critical severity band, indicating a significant threat if exploited. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, but the absence of these metrics does not lower the risk. Based on the description, it is inferred that an attacker can exploit the flaw over the network by sending a crafted redirect URL to the device, after which arbitrary code runs with the device’s privileges. The high CVSS score and the nature of the vulnerability suggest that exploitation could lead to complete system compromise, lateral movement, and data exfiltration.

Generated by OpenCVE AI on April 20, 2026 at 05:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware or software update from Silex that addresses the buffer‑overflow flaw in redirect‑URL processing.
  • Restrict or block external access to the device’s management and network interfaces to limit opportunities for attackers to deliver malicious redirect URLs.
  • If a patch is not yet available, disable or limit redirect‑URL functionality on the device so that untrusted URLs are ignored.


Advisories

No advisories yet.

History

Mon, 20 Apr 2026 06:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Heap‑Based Buffer Overflow in Redirect URL Processing Allows Arbitrary Code Execution |

Mon, 20 Apr 2026 04:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device. |
| Weaknesses | | CWE-122 |
| References | | |
| Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-04-20T03:20:01.225Z

Reserved: 2026-03-17T00:23:24.980Z

Link: CVE-2026-32956

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-20T04:16:34.810

Modified: 2026-04-20T04:16:34.810

Link: CVE-2026-32956

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T06:00:08Z

Weaknesses