Description
SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update.
Published: 2026-04-20
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: Firmware Bypass via Hard‑Coded Key
Action: Apply Patch
AI Analysis

Impact

SD‑330AC and AMC Manager use a fixed cryptographic key, enabling an attacker to replace legitimate firmware with a malicious image that the system will accept without verification. This flaw, categorized as CWE‑321 (Weak Cryptographic Key), can allow arbitrary code execution or unauthorized control of the device, as the compromised firmware runs with the same privileges as authentic updates.

Affected Systems

The vulnerability affects Silex technology, Inc.'s AMC Manager and SD‑330AC devices that contain the hard‑coded cryptographic key. No specific version information is provided, indicating that all current releases of these products are potentially susceptible.

Risk and Exploitability

With a CVSS score of 6.9 the flaw carries medium severity. The EPSS score is not available and it is not listed in the CISA KEV catalog, indicating that no current data informs the likelihood of exploitation. The likely attack vector, inferred from the description, involves a social engineering or remote delivery of a fake firmware update; however, this specific vector is not explicitly stated in the input.

Generated by OpenCVE AI on April 20, 2026 at 06:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a vendor‑issued patch or update firmware to a version that removes the hard‑coded cryptographic key.
  • Verify all firmware updates by checking the vendor’s cryptographic signature and reject any update lacking a valid signature.
  • Restrict firmware update capability to a trusted network segment and require multi‑factor authentication for administrative users.

Generated by OpenCVE AI on April 20, 2026 at 06:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 07:15:00 +0000

Type Values Removed Values Added
Title Hard‑Coded Cryptographic Key Enables Fake Firmware Updates

Mon, 20 Apr 2026 04:00:00 +0000

Type Values Removed Values Added
Description SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update.
Weaknesses CWE-321
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-04-20T03:19:16.492Z

Reserved: 2026-03-17T00:23:24.980Z

Link: CVE-2026-32958

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-20T04:16:42.580

Modified: 2026-04-20T04:16:42.580

Link: CVE-2026-32958

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T07:00:11Z

Weaknesses