AMC Manager
Remote code execution in silex technology SD-330AC and AMC Manager allows unauthenticated network attackers to execute arbitrary code via heap-based buffer overflow when processing redirect URLs. CVSS 9.3 critical severity with attack vector AV:N/AC:L/PR:N/UI:N indicates trivial exploitation against internet-facing devices. No public exploit identified at time of analysis, though JPCERT coordination suggests vendor-confirmed vulnerability. EPSS data not available; real-world risk depends on internet exposure of affected silex wireless bridge and management software installations.
Stack-based buffer overflow in silex technology's SD-330AC (Ver.1.42 and earlier) and AMC Manager (Ver.5.0.2 and earlier) enables authenticated remote attackers to execute arbitrary code on the device via maliciously crafted redirect URLs. Reported by JPCERT with vendor advisories published, though EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability. No active exploitation confirmed (not in CISA KEV), and SSVC assessment marks exploitation status as 'none' despite the critical nature of remote code execution capability.
Unauthenticated arbitrary file upload in Silex Technology SD-330AC and AMC Manager firmware maintenance functions allows remote attackers to upload malicious files without credentials, potentially leading to device compromise or unauthorized firmware modification. The CVSS score of 5.3 reflects limited integrity impact in a network-accessible service with no authentication requirement, though the real-world risk depends on what actions an attacker can perform post-upload.
Hard-coded cryptographic keys in Silex Technology SD-330AC and AMC Manager enable attackers to forge firmware updates that administrative users may be tricked into applying via social engineering, allowing arbitrary firmware installation without detection. The vulnerability affects all versions of both products and exploits a fundamental key management flaw (CWE-321). While the CVSS score of 6.5 reflects network accessibility and high integrity impact, real-world exploitation requires user interaction (UI:R) to convince an administrator to install malicious firmware.
Weak cryptographic implementation in Silex Technology SD-330AC wireless LAN adapters (v1.42 and earlier) and AMC Manager software (v5.0.2 and earlier) allows network-positioned attackers to intercept and decrypt network traffic through man-in-the-middle attacks. The vulnerability stems from use of broken or risky cryptographic algorithms (CWE-327), enabling confidentiality breach of transmitted data. EPSS score of 0.02% (4th percentile) indicates low observed exploitation probability, and CISA SSVC framework classifies this as non-exploited with non-automatable attacks requiring attacker positioning. No public exploit code or active exploitation reported at time of analysis.
Authentication bypass in silex technology SD-330AC (≤1.42) and AMC Manager (≤5.0.2) allows remote attackers to gain unauthorized access by sending specially crafted packets that exploit residual sensitive data in memory. An attacker can log in without valid credentials due to improper clearance of authentication tokens or session data between requests. EPSS score of 0.03% (7th percentile) indicates low observed exploitation probability. JPCERT/CC reported this vulnerability, and the vendor advisory confirms patches are available. Requires user interaction (CVSS 4.0 UI:P), limiting automated exploitation.
Heap-based buffer overflow in Silex SD-330AC and AMC Manager packet processing allows remote unauthenticated attackers to trigger a temporary denial-of-service condition via crafted network packets to the sx_smpd service. CVSS score is 5.3 (moderate) with confirmed active reporting by JPCERT, though no public exploit code or CISA KEV listing is evident from available data. Attack requires only network access and no authentication or user interaction.
SD-330AC and AMC Manager by Silex Technology lack authentication controls on critical configuration functions, allowing remote attackers to modify device settings without credentials. The CVSS score of 5.3 reflects network-accessible integrity impact with no complexity barrier, though confidentiality and availability are not directly affected. No active exploitation has been confirmed in CISA KEV or public exploit repositories at the time of analysis.
Reflected cross-site scripting (XSS) in Silex Technology SD-330AC and AMC Manager allows remote attackers to execute arbitrary JavaScript in users' browsers when they visit crafted web pages after authenticating to the affected device. The vulnerability requires user interaction and affects both products across all versions. No patch release or active exploitation status has been confirmed.
CRLF injection in Silex Technology SD-330AC and AMC Manager allows unauthenticated remote attackers to inject arbitrary configuration entries via crafted input, degrading system integrity and availability. The vulnerability affects all versions of both products and requires no authentication or user interaction, with public disclosure through JPCERT and vendor advisories indicating elevated awareness in production environments.
SD-330AC wireless LAN modules and AMC Manager devices from silex technology allow unauthenticated remote attackers to modify device configuration using null-string passwords when devices remain in factory-default state. CVSS:4.0 8.7 (High Vector, High Integrity Impact) rates this as high severity due to network-based attack vector with no authentication required (AV:N/PR:N/UI:N). EPSS probability remains low at 0.03% (8th percentile), suggesting limited observed exploitation attempts. No active exploitation confirmed at time of analysis per available intelligence. Vulnerability class CWE-1188 (insecure default initialization) represents a common industrial IoT security gap where devices ship with unsafe out-of-box configurations.