Description
SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue. The device configuration may be altered without authentication.
Published: 2026-04-20
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Device Configuration Changes
Action: Apply Vendor Update
AI Analysis

Impact

The vulnerability arises from a missing authentication requirement for a critical configuration function in Silex technology's SD-330AC devices and AMC Manager software. An attacker can alter device settings without verification, potentially disrupting network operations, routing, or security controls. This flaw affects the integrity and availability of the affected devices.

Affected Systems

Products impacted are Silex technology, Inc.'s SD-330AC series network devices and the AMC Manager management software used to configure them.

Risk and Exploitability

The CVSS score of 6.9 classifies this issue as a moderate risk. While no EPSS data is available, the lack of authentication suggests a straightforward remote exploitation path from any network segment that can reach the device’s management interface. The vulnerability is not currently listed in the CISA KEV catalog, indicating no known active exploitation. Nonetheless, attackers could leverage standard network tools to modify configurations if they gain network access to the management interface.

Generated by OpenCVE AI on April 20, 2026 at 05:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Acquire and install the latest firmware or patch from Silex technology for both SD-330AC and AMC Manager
  • Restrict network access to device management interfaces using firewalls or VLAN segmentation to limit exposed attack surface
  • Enforce strong authentication and, where possible, disable unsecured remote management options; enable logging to detect unauthorized configuration attempts

Generated by OpenCVE AI on April 20, 2026 at 05:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Silextechnology
Silextechnology amc Manager
Silextechnology sd-330ac
Vendors & Products Silextechnology
Silextechnology amc Manager
Silextechnology sd-330ac
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 20 Apr 2026 05:45:00 +0000

Type Values Removed Values Added
Title Missing Authentication Allows Device Configuration Changes

Mon, 20 Apr 2026 04:00:00 +0000

Type Values Removed Values Added
Description SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue. The device configuration may be altered without authentication.
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Silextechnology Amc Manager Sd-330ac
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-04-20T14:52:15.598Z

Reserved: 2026-03-17T00:23:24.981Z

Link: CVE-2026-32962

cve-icon Vulnrichment

Updated: 2026-04-20T14:52:12.054Z

cve-icon NVD

Status : Received

Published: 2026-04-20T04:16:44.840

Modified: 2026-04-20T04:16:44.840

Link: CVE-2026-32962

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T14:58:20Z

Weaknesses