Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.
AnalysisAI
Remote code execution in silex technology SD-330AC and AMC Manager allows unauthenticated network attackers to execute arbitrary code via heap-based buffer overflow when processing redirect URLs. CVSS 9.3 critical severity with attack vector AV:N/AC:L/PR:N/UI:N indicates trivial exploitation against internet-facing devices. No public exploit identified at time of analysis, though JPCERT coordination suggests vendor-confirmed vulnerability. EPSS data not available; real-world risk depends on internet exposure of affected silex wireless bridge and management software installations.
Technical ContextAI
This vulnerability affects silex technology's SD-330AC (a wireless bridge/access point device) and AMC Manager (device management software). The flaw is a heap-based buffer overflow (CWE-122) triggered during redirect URL processing, likely in HTTP/HTTPS handling code that parses Location headers or similar redirect mechanisms. Heap overflows occur when data copied to dynamically allocated memory exceeds buffer boundaries, corrupting adjacent heap structures. Unlike stack overflows, heap exploitation can overwrite function pointers, virtual tables, or heap metadata to achieve code execution. The redirect URL attack vector suggests the vulnerability lies in web server components or administrative interfaces that handle URL redirection, making it exploitable through crafted HTTP requests without prior authentication.
RemediationAI
Apply vendor-released patches detailed in silex technology security advisory 2026-001 available at https://www.silex.jp/support/security-advisories/en/2026-001. Exact patched firmware versions for SD-330AC and AMC Manager software releases are specified in the advisory; prioritize upgrading internet-facing installations immediately. If patching cannot be completed within 24-48 hours, implement these compensating controls: (1) Remove SD-330AC devices and AMC Manager interfaces from public internet exposure by placing behind firewall with strict IP whitelisting for administrative access only - eliminates AV:N attack vector but requires VPN for remote management. (2) Disable HTTP/HTTPS redirect functionality in device configuration if operationally feasible - may break legitimate redirect-based workflows but prevents exploitation of the specific vulnerable code path. (3) Deploy intrusion prevention signatures to detect malformed redirect URL patterns in HTTP requests targeting silex devices - effective against automated exploitation but bypassable with obfuscation. Note that compensating controls do not eliminate the vulnerability and should be temporary measures only.
Stack-based buffer overflow in silex technology's SD-330AC (Ver.1.42 and earlier) and AMC Manager (Ver.5.0.2 and earlier
SD-330AC wireless LAN modules and AMC Manager devices from silex technology allow unauthenticated remote attackers to mo
Weak cryptographic implementation in Silex Technology SD-330AC wireless LAN adapters (v1.42 and earlier) and AMC Manager
Authentication bypass in silex technology SD-330AC (≤1.42) and AMC Manager (≤5.0.2) allows remote attackers to gain unau
Unauthenticated arbitrary file upload in Silex Technology SD-330AC and AMC Manager firmware maintenance functions allows
SD-330AC and AMC Manager by Silex Technology lack authentication controls on critical configuration functions, allowing
CRLF injection in Silex Technology SD-330AC and AMC Manager allows unauthenticated remote attackers to inject arbitrary
Heap-based buffer overflow in Silex SD-330AC and AMC Manager packet processing allows remote unauthenticated attackers t
Hard-coded cryptographic keys in Silex Technology SD-330AC and AMC Manager enable attackers to forge firmware updates th
Reflected cross-site scripting (XSS) in Silex Technology SD-330AC and AMC Manager allows remote attackers to execute arb
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23749
GHSA-jwm2-xvrj-2mh2