Description
Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial (factory-default) configuration, the device can be configured with the null string password.
Published: 2026-04-20
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access with full administrative control
Action: Immediate Patch
AI Analysis

Impact

An insecure default configuration in Silex’s SD-330AC and AMC Manager allows a device connected with its factory‑default settings to be authenticated using a null (blank) password. If an attacker can reach the device over the network, this flaw gives them unrestricted administrative access, enabling configuration changes or further compromise of the network segment it serves.

Affected Systems

The vulnerability affects all installations of the SD-330AC switch and the AMC Manager management software produced by Silex technology, Inc. No specific firmware or software versions are listed here, so any unit using the factory‑default credentials is potentially vulnerable.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity risk. EPSS is not available and the vulnerability is not listed in CISA’s KEV catalog, suggesting that large‑scale exploitation has not been widely observed yet. The likely attack vector is a networking attack originating from an internal or remote source that can contact the device before it is secured. An adversary exploiting this flaw could gain full administrative rights and potentially further compromise other devices on the same network.

Generated by OpenCVE AI on April 20, 2026 at 05:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware or software patch released by Silex technology, Inc. to the SD-330AC and AMC Manager devices.
  • Immediately change the administrator password from the blank default to a strong, unique password and disable any unused default accounts.
  • Isolate the devices on a separate VLAN or restrict network access until the patch is applied, to prevent attackers from reaching them while they remain insecure.

Generated by OpenCVE AI on April 20, 2026 at 05:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Silextechnology sd-330ac Firmware
CPEs cpe:2.3:a:silextechnology:amc_manager:*:*:*:*:*:*:*:*
cpe:2.3:h:silextechnology:sd-330ac:-:*:*:*:*:*:*:*
cpe:2.3:o:silextechnology:sd-330ac_firmware:*:*:*:*:*:*:*:*
Vendors & Products Silextechnology sd-330ac Firmware

Mon, 20 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Silextechnology
Silextechnology amc Manager
Silextechnology sd-330ac
Vendors & Products Silextechnology
Silextechnology amc Manager
Silextechnology sd-330ac
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 20 Apr 2026 05:45:00 +0000

Type Values Removed Values Added
Title Insecure Default Password Allows Unauthenticated Access on Silex SD‑330AC and AMC Manager

Mon, 20 Apr 2026 04:00:00 +0000

Type Values Removed Values Added
Description Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial (factory-default) configuration, the device can be configured with the null string password.
Weaknesses CWE-1188
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Silextechnology Amc Manager Sd-330ac Sd-330ac Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-04-20T14:23:36.842Z

Reserved: 2026-03-17T00:23:24.981Z

Link: CVE-2026-32965

cve-icon Vulnrichment

Updated: 2026-04-20T14:23:33.397Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-20T04:16:45.583

Modified: 2026-04-22T17:29:52.023

Link: CVE-2026-32965

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T14:58:23Z

Weaknesses