Description
SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse. An attacker may login to the device without knowing the password by sending a crafted packet.
Published: 2026-04-20
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: Unauthorized Access
Action: Immediate Patch
AI Analysis

Impact

The vulnerability in Silex Technology's AMC Manager and SD-330AC allows an attacker to authenticate to the device without knowing the correct password by sending a specially crafted packet. This bypass results in unauthorized access, enabling the attacker to control the device's configuration and settings. The weakness is a flaw in resource handling where sensitive data is not removed before reuse, a classic instance of CWE-226.

Affected Systems

Silex Technology, Inc. provides AMC Manager and SD-330AC. No specific firmware or hardware revision is mentioned, and version details are not supplied. The products are affected by the flaw regardless of any particular sub-version, so all deployments using these devices should consider themselves potentially vulnerable.

Risk and Exploitability

With a CVSS score of 7.1, this vulnerability is of medium‑to‑high severity. The EPSS score is not available, and the flaw is not listed in the CISA KEV catalog. Attackers can exploit the issue remotely over the network by sending a crafted packet to the device, making the vulnerability potentially reachable in environments with exposed management interfaces.

Generated by OpenCVE AI on April 20, 2026 at 06:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and apply the latest firmware or software update from Silex Technology that addresses the authentication bypass.
  • Restrict management access by enabling firewalls or VLAN segmentation to limit who can reach the device from untrusted networks.
  • Regularly review device logs for signs of unauthorized login attempts and consider disabling unused management protocols if possible.

Generated by OpenCVE AI on April 20, 2026 at 06:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 06:45:00 +0000

Type Values Removed Values Added
Title Authentication Bypass via Sensitive Resource Reuse in Silex AMC Manager and SD-330AC

Mon, 20 Apr 2026 04:00:00 +0000

Type Values Removed Values Added
Description SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse. An attacker may login to the device without knowing the password by sending a crafted packet.
Weaknesses CWE-226
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-04-20T03:18:47.538Z

Reserved: 2026-03-17T00:23:24.981Z

Link: CVE-2026-32960

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-20T04:16:44.037

Modified: 2026-04-20T04:16:44.037

Link: CVE-2026-32960

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T06:30:45Z

Weaknesses