Description
SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse. An attacker may login to the device without knowing the password by sending a crafted packet.
Published: 2026-04-20
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Immediate Patch
AI Analysis

Impact

The vulnerability in Silex Technology's AMC Manager and SD-330AC allows an attacker to authenticate to the device without knowing the correct password by sending a specially crafted packet. This bypass results in unauthorized access, enabling the attacker to control the device's configuration and settings. The weakness is a flaw in resource handling where sensitive data is not removed before reuse, a classic instance of CWE-226.

Affected Systems

Silex Technology, Inc. provides AMC Manager and SD-330AC. No specific firmware or hardware revision is mentioned, and version details are not supplied. The products are affected by the flaw regardless of any particular sub-version, so all deployments using these devices should consider themselves potentially vulnerable.

Risk and Exploitability

With a CVSS score of 7.1, this vulnerability is of medium‑to‑high severity. The EPSS score is not available, and the flaw is not listed in the CISA KEV catalog. Attackers can exploit the issue remotely over the network by sending a crafted packet to the device, making the vulnerability potentially reachable in environments with exposed management interfaces.

Generated by OpenCVE AI on April 20, 2026 at 06:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and apply the latest firmware or software update from Silex Technology that addresses the authentication bypass.
  • Restrict management access by enabling firewalls or VLAN segmentation to limit who can reach the device from untrusted networks.
  • Regularly review device logs for signs of unauthorized login attempts and consider disabling unused management protocols if possible.

Generated by OpenCVE AI on April 20, 2026 at 06:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Silextechnology sd-330ac Firmware
CPEs cpe:2.3:a:silextechnology:amc_manager:*:*:*:*:*:*:*:*
cpe:2.3:h:silextechnology:sd-330ac:-:*:*:*:*:*:*:*
cpe:2.3:o:silextechnology:sd-330ac_firmware:*:*:*:*:*:*:*:*
Vendors & Products Silextechnology sd-330ac Firmware

Mon, 20 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Silextechnology
Silextechnology amc Manager
Silextechnology sd-330ac
Vendors & Products Silextechnology
Silextechnology amc Manager
Silextechnology sd-330ac
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 20 Apr 2026 06:45:00 +0000

Type Values Removed Values Added
Title Authentication Bypass via Sensitive Resource Reuse in Silex AMC Manager and SD-330AC

Mon, 20 Apr 2026 04:00:00 +0000

Type Values Removed Values Added
Description SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse. An attacker may login to the device without knowing the password by sending a crafted packet.
Weaknesses CWE-226
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Silextechnology Amc Manager Sd-330ac Sd-330ac Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-04-20T13:57:13.495Z

Reserved: 2026-03-17T00:23:24.981Z

Link: CVE-2026-32960

cve-icon Vulnrichment

Updated: 2026-04-20T13:57:09.411Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-20T04:16:44.037

Modified: 2026-04-22T17:01:57.663

Link: CVE-2026-32960

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T14:58:17Z

Weaknesses