Sd 330Ac
Monthly
Stack-based buffer overflow in silex technology's SD-330AC (Ver.1.42 and earlier) and AMC Manager (Ver.5.0.2 and earlier) enables authenticated remote attackers to execute arbitrary code on the device via maliciously crafted redirect URLs. Reported by JPCERT with vendor advisories published, though EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability. No active exploitation confirmed (not in CISA KEV), and SSVC assessment marks exploitation status as 'none' despite the critical nature of remote code execution capability.
Weak cryptographic implementation in Silex Technology SD-330AC wireless LAN adapters (v1.42 and earlier) and AMC Manager software (v5.0.2 and earlier) allows network-positioned attackers to intercept and decrypt network traffic through man-in-the-middle attacks. The vulnerability stems from use of broken or risky cryptographic algorithms (CWE-327), enabling confidentiality breach of transmitted data. EPSS score of 0.02% (4th percentile) indicates low observed exploitation probability, and CISA SSVC framework classifies this as non-exploited with non-automatable attacks requiring attacker positioning. No public exploit code or active exploitation reported at time of analysis.
Authentication bypass in silex technology SD-330AC (≤1.42) and AMC Manager (≤5.0.2) allows remote attackers to gain unauthorized access by sending specially crafted packets that exploit residual sensitive data in memory. Attacker can log in without valid credentials due to improper clearance of authentication tokens or session data between requests. EPSS score of 0.03% (7th percentile) indicates low observed exploitation probability. JPCERT/CC reported this vulnerability, and vendor advisory confirms patches are available. Requires user interaction (CVSS 4.0 UI:P), limiting automated exploitation.
SD-330AC wireless LAN modules and AMC Manager devices from silex technology allow unauthenticated remote attackers to modify device configuration using null-string passwords when devices remain in factory-default state. CVSS:4.0 8.7 (High Vector, High Integrity Impact) rates this as high severity due to network-based attack vector with no authentication required (AV:N/PR:N/UI:N). EPSS probability remains low at 0.03% (8th percentile), suggesting limited observed exploitation attempts. No active exploitation confirmed at time of analysis per available intelligence. Vulnerability class CWE-1188 (insecure default initialization) represents common industrial IoT security gap where devices ship with unsafe out-of-box configurations.
Stack-based buffer overflow in silex technology's SD-330AC (Ver.1.42 and earlier) and AMC Manager (Ver.5.0.2 and earlier) enables authenticated remote attackers to execute arbitrary code on the device via maliciously crafted redirect URLs. Reported by JPCERT with vendor advisories published, though EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability. No active exploitation confirmed (not in CISA KEV), and SSVC assessment marks exploitation status as 'none' despite the critical nature of remote code execution capability.
Weak cryptographic implementation in Silex Technology SD-330AC wireless LAN adapters (v1.42 and earlier) and AMC Manager software (v5.0.2 and earlier) allows network-positioned attackers to intercept and decrypt network traffic through man-in-the-middle attacks. The vulnerability stems from use of broken or risky cryptographic algorithms (CWE-327), enabling confidentiality breach of transmitted data. EPSS score of 0.02% (4th percentile) indicates low observed exploitation probability, and CISA SSVC framework classifies this as non-exploited with non-automatable attacks requiring attacker positioning. No public exploit code or active exploitation reported at time of analysis.
Authentication bypass in silex technology SD-330AC (≤1.42) and AMC Manager (≤5.0.2) allows remote attackers to gain unauthorized access by sending specially crafted packets that exploit residual sensitive data in memory. Attacker can log in without valid credentials due to improper clearance of authentication tokens or session data between requests. EPSS score of 0.03% (7th percentile) indicates low observed exploitation probability. JPCERT/CC reported this vulnerability, and vendor advisory confirms patches are available. Requires user interaction (CVSS 4.0 UI:P), limiting automated exploitation.
SD-330AC wireless LAN modules and AMC Manager devices from silex technology allow unauthenticated remote attackers to modify device configuration using null-string passwords when devices remain in factory-default state. CVSS:4.0 8.7 (High Vector, High Integrity Impact) rates this as high severity due to network-based attack vector with no authentication required (AV:N/PR:N/UI:N). EPSS probability remains low at 0.03% (8th percentile), suggesting limited observed exploitation attempts. No active exploitation confirmed at time of analysis per available intelligence. Vulnerability class CWE-1188 (insecure default initialization) represents common industrial IoT security gap where devices ship with unsafe out-of-box configurations.