Description
SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack.
Published: 2026-04-20
Score: 8.2 High
EPSS: n/a
KEV: No
Impact: Confidentiality loss via man‑in‑the‑middle due to weak encryption
Action: Apply Patch
AI Analysis

Impact

SD‑330AC and AMC Manager supplied by Silex Technology contain an implementation that uses a broken or risky cryptographic algorithm. The weakness allows traffic to be read by an attacker performing a man‑in‑the‑middle (MITM) attack, which can reveal sensitive information transmitted by the device. This flaw is a type of cryptographic weakness (CWE‑327).

Affected Systems

Devices from Silex Technology, Inc. that run AMC Manager or SD‑330AC are affected. No specific firmware or software release numbers are disclosed in the advisory, so the scope of the vulnerability remains unknown until further product‑specific information is provided.

Risk and Exploitability

With a CVSS score of 8.2, the vulnerability is considered high severity. The EPSS score is not available and the issue is not listed in CISA’s KEV catalog. The attack vector is inferred from the description and is a network‑based MITM scenario; an attacker who can intercept or alter traffic between the device and its management station would be able to recover the compromised data. Because no preventative controls are mentioned, the risk is significant for environments that rely on the weak algorithm for secure communication.

Generated by OpenCVE AI on April 20, 2026 at 05:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and apply the vendor‑supplied firmware or software patch for AMC Manager and SD‑330AC
  • Configure the devices to use a modern, secure cipher suite or enable TLS 1.2 or higher if supported
  • Deploy a VPN or network segmentation to isolate device traffic from potential MITM attackers
  • Monitor communication for signs of traffic tampering or anomalous cipher usage

Generated by OpenCVE AI on April 20, 2026 at 05:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 06:15:00 +0000

Type Values Removed Values Added
Title Weak Cryptographic Algorithm Enables Man‑in‑the‑Middle Data Retrieval

Mon, 20 Apr 2026 04:00:00 +0000

Type Values Removed Values Added
Description SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack.
Weaknesses CWE-327
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-04-20T03:18:56.184Z

Reserved: 2026-03-17T00:23:24.980Z

Link: CVE-2026-32959

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-20T04:16:43.790

Modified: 2026-04-20T04:16:43.790

Link: CVE-2026-32959

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T06:00:08Z

Weaknesses