Description
SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences ('CRLF Injection') vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration.
Published: 2026-04-20
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: Configuration Injection
Action: Apply Fix
AI Analysis

Impact

SD‑330AC and AMC Manager from Silex Technology improperly neutralize CRLF characters, enabling an attacker to inject arbitrary configuration entries when malformed data is processed. The vulnerability allows modification of the system configuration without requiring authenticated privileged access, potentially altering device behavior.

Affected Systems

The flaw affects Silex Technology's AMC Manager and SD‑330AC products. No specific version information is disclosed, so all released builds may be impacted until the vendor’s advisory specifies the affected releases.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting that publicly documented exploitation is not yet known. The likely attack vector is through crafted configuration data supplied via an administrative interface, which is inferred from the description. An attacker would need write access to the configuration management subsystem; achieving the injection would provide the ability to alter critical system settings.

Generated by OpenCVE AI on April 20, 2026 at 05:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and apply the latest Silex AMC Manager or SD‑330AC release that addresses the CRLF injection flaw as outlined in the vendor’s advisory.
  • Restrict write permissions on configuration files and directories to trusted administrative accounts only, limiting the ability to supply malformed data.
  • Continuously monitor configuration files for unexpected CRLF sequences or repeated injection attempts, and configure alerting for any unauthorized modifications.

Generated by OpenCVE AI on April 20, 2026 at 05:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 06:15:00 +0000

Type Values Removed Values Added
Title Improper CRLF Neutralization Leading to Configuration Injection in Silex AMC Manager and SD‑330AC

Mon, 20 Apr 2026 04:00:00 +0000

Type Values Removed Values Added
Description SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences ('CRLF Injection') vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration.
Weaknesses CWE-93
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-04-20T03:17:52.839Z

Reserved: 2026-03-17T00:23:24.981Z

Link: CVE-2026-32964

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-20T04:16:45.450

Modified: 2026-04-20T04:16:45.450

Link: CVE-2026-32964

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T06:00:08Z

Weaknesses