Impact
The flaw arises from a missing authentication check in the firmware maintenance interface of Silex technology Inc.'s AMC Manager and SD-330AC devices. Because the check is absent, an unauthenticated actor can upload an arbitrary file to the device. If the uploaded payload is interpreted as executable code or a script, the attacker can execute arbitrary commands on the device, effectively gaining remote control. This maps directly to CWE-306 (Missing Authentication for Critical Function), a weakness that enables unauthorized use of critical functions. Because the flaw is remote and unauthenticated, an attacker who can reach the firmware maintenance port could upload malicious files without any privileges, leading to potential remote code execution and compromise of confidentiality, integrity, and availability.
Affected Systems
The affected systems are devices running Silex technology Inc.'s AMC Manager firmware and the SD‑330AC hardware. No specific firmware version ranges were released in the advisory, so all versions that contain the vulnerable interface are considered at risk until a patch is delivered.
Risk and Exploitability
The vulnerability has a CVSS score of 6.9, signifying medium severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, indicating that widespread exploitation has not been documented. However, the flaw allows an attacker who can reach the firmware maintenance port to upload arbitrary files without authentication, providing a direct path to remote code execution. Once such a file is accepted, the attacker can execute arbitrary commands, creating a high-impact threat to the device's confidentiality, integrity, and availability.