Summary
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service condition, or alter configuration information without authentication.
The following versions of Silex Technology SD-330AC and AMC Manager are affected:
- SD-330AC <=1.42 (CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, CVE-2026-32958, CVE-2015-5621, CVE-2026-32959, CVE-2026-32960, CVE-2026-32961, CVE-2026-32962, CVE-2024-24487, CVE-2026-32963, CVE-2026-32964, CVE-2026-32965)
- AMC Manager <=5.0.2 (CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, CVE-2026-32958, CVE-2015-5621, CVE-2026-32959, CVE-2026-32960, CVE-2026-32961, CVE-2026-32962, CVE-2024-24487, CVE-2026-32963, CVE-2026-32964, CVE-2026-32965)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9.8 | Silex Technology | Silex Technology SD-330AC and AMC Manager | Stack-based Buffer Overflow, Heap-based Buffer Overflow, Missing Authentication for Critical Function, Use of Hard-coded Cryptographic Key, Dependency on Vulnerable Third-Party Component, Use of a Broken or Risky Cryptographic Algorithm, Sensitive Information in Resource Not Removed Before Reuse, Incorrect Privilege Assignment, Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’), Improper Neutralization of CRLF Sequences (‘CRLF Injection’), Initialization of a Resource with an Insecure Default |
Background
- Critical Infrastructure Sectors: Information Technology
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Japan
Vulnerabilities
CVE-2026-32955
A Stack-based Buffer Overflow vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker to execute arbitrary code on the device.
Affected Products
| Product | Vendor | Product Version | Product Status |
|---|---|---|---|
| Silex Technology SD-330AC and AMC Manager | Silex Technology | Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 | known_affected |
Remediations
Vendor fix
The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later
Vendor fix
AMC Manager Ver.5.1.0 or later
Mitigation
CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, and CVE-2026-32963: Disable HTTP/HTTPS service.
Mitigation
For more information, see Silex Technology’s security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
Relevant CWE: CWE-121 Stack-based Buffer Overflow
Metrics