Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences ('CRLF Injection') vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration.
AnalysisAI
CRLF injection in Silex Technology SD-330AC and AMC Manager allows unauthenticated remote attackers to inject arbitrary configuration entries via crafted input, degrading system integrity and availability. The vulnerability affects all versions of both products and requires no authentication or user interaction, with public disclosure through JPCERT and vendor advisories indicating elevated awareness in production environments.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The vulnerability requires network-accessible SD-330AC or AMC Manager with default or exposed configuration endpoints. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | This vulnerability presents significant real-world risk despite a moderate CVSS score of 6.5. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker on the network sends a crafted HTTP or API request to the SD-330AC or AMC Manager configuration endpoint, embedding CRLF sequences in a parameter field (e.g., a device name, DNS setting, or access control list entry). The application parses the input without sanitization and writes it directly to the system configuration file. … |
| Remediation | Check the Silex Technology security advisories (https://www.silex.jp/support/security-advisories/en/2026-001) for patched versions specific to your SD-330AC and AMC Manager installations, as exact fix versions are not provided in available data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Remote code execution in silex technology SD-330AC and AMC Manager allows unauthenticated network attackers to execute a
Stack-based buffer overflow in silex technology's SD-330AC (Ver.1.42 and earlier) and AMC Manager (Ver.5.0.2 and earlier
SD-330AC wireless LAN modules and AMC Manager devices from silex technology allow unauthenticated remote attackers to mo
Weak cryptographic implementation in Silex Technology SD-330AC wireless LAN adapters (v1.42 and earlier) and AMC Manager
Authentication bypass in silex technology SD-330AC (≤1.42) and AMC Manager (≤5.0.2) allows remote attackers to gain unau
Unauthenticated arbitrary file upload in Silex Technology SD-330AC and AMC Manager firmware maintenance functions allows
SD-330AC and AMC Manager by Silex Technology lack authentication controls on critical configuration functions, allowing
Heap-based buffer overflow in Silex SD-330AC and AMC Manager packet processing allows remote unauthenticated attackers t
Hard-coded cryptographic keys in Silex Technology SD-330AC and AMC Manager enable attackers to forge firmware updates th
Reflected cross-site scripting (XSS) in Silex Technology SD-330AC and AMC Manager allows remote attackers to execute arb
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23757
GHSA-5f3w-cmwx-c9m9