CVE-2026-32956
Heap-Based Buffer Overflow in Silex SD-330AC Enables Code Execution

Publication date: 2026-04-20

Last updated on: 2026-04-22

Assigner: JPCERT/CC

Description
SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.
Meta Information
Published: 2026-04-20
Last Modified: 2026-04-22
Generated: 2026-06-16
AI Q&A: 2026-04-20
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Associated CPEs (2):

Vendor           Product            Version / Range
silextechnology  sd-330ac_firmware  up to 1.50 (exclusive)
silextechnology  amc_manager        up to 5.1.0 (exclusive)
CWE
CWE-122: A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Compliance Impact

The provided information does not specify any direct impact or implications of CVE-2026-32956 on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

To mitigate the CVE-2026-32956 vulnerability, the immediate recommended step is to disable the HTTP/HTTPS services on the affected device to prevent access to the vulnerable web interface.

Additionally, applying the vendor-provided firmware update to SD-330AC version 1.50 or later and AMC Manager version 5.1.0 or later is strongly advised. These updates address this and other related vulnerabilities by enforcing mandatory administrator password setup, disabling firmware downgrades, and requiring updated management tools for compatibility.

Detection Guidance

The CVE-2026-32956 vulnerability affects the SD-330AC and AMC Manager products by silex technology, Inc., specifically involving a heap-based buffer overflow in processing redirect URLs on the device's web configuration interface.

Detection typically involves identifying devices running vulnerable firmware versions (SD-330AC version 1.42 and earlier, AMC Manager version 5.0.2 and earlier) on your local network.

Since the vulnerability is exploitable via HTTP/HTTPS services on the device, you can scan your network for devices exposing these services and check their firmware versions.

  • Use network scanning tools like nmap to detect devices with open HTTP/HTTPS ports (usually ports 80 and 443):
      nmap -p 80,443 --open -sV <target-network-range>
  • Once identified, access the device's web interface to check the firmware version or use device management tools to query firmware versions remotely.
  • Look for firmware versions 1.42 or earlier on SD-330AC and 5.0.2 or earlier on AMC Manager, which are vulnerable.
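
The version check in the last step can be run over an asset inventory once firmware versions have been collected. The script below is an added example, not code from the vendor or the advisory; the inventory rows, the product labels and the function names are assumptions made for illustration, and the fixed-release numbers (1.50 and 5.1.0) are the ones given on this page.

```python
import re

# Fixed releases as stated on this page; any lower version is treated as affected.
FIXED = {"sd-330ac": (1, 50), "amc manager": (5, 1, 0)}

# Constructed sample inventory (host, product, reported version); not real data.
SAMPLE_INVENTORY = [
    ("192.0.2.10", "SD-330AC", "1.42"),
    ("192.0.2.11", "SD-330AC", "1.50"),
    ("192.0.2.12", "sd-330ac", "v1.49"),
    ("192.0.2.20", "AMC Manager", "5.0.2"),
    ("192.0.2.21", "AMC Manager", "5.1"),
    ("192.0.2.30", "SD-330AC", "unknown"),
    ("192.0.2.40", "Other Device", "2.0"),
]


def parse_version(text):
    """Return the first dotted number in a version field as a tuple of ints."""
    match = re.search(r"\d+(?:\.\d+)*", text)
    if match is None:
        return None
    return tuple(int(part) for part in match.group().split("."))


def classify(product, version):
    """Label one inventory row: vulnerable, fixed, review or not-applicable."""
    fixed = FIXED.get(product.strip().lower())
    if fixed is None:
        return "not-applicable"      # product is not covered by this CVE
    parsed = parse_version(version)
    if parsed is None:
        return "review"              # version unreadable: check the device by hand
    # Pad with zeros so that "5.1" compares equal to "5.1.0".
    width = max(len(parsed), len(fixed))
    parsed += (0,) * (width - len(parsed))
    fixed += (0,) * (width - len(fixed))
    return "vulnerable" if parsed < fixed else "fixed"


def triage(inventory):
    """Attach a status to every (host, product, version) row."""
    return [(h, p, v, classify(p, v)) for h, p, v in inventory]


if __name__ == "__main__":
    for host, product, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:<12} {product:<13} {version:<8} {status}")
```

Rows marked "review" have no readable version and need a manual look at the device's web interface or management tool.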

There are no specific commands or automated detection scripts provided in the available resources for directly detecting exploitation attempts or the vulnerability itself.

The recommended mitigation is to update the firmware to version 1.50 or later for SD-330AC and 5.1.0 or later for AMC Manager, or to disable HTTP/HTTPS services on the affected devices to prevent exploitation.

Executive Summary

The vulnerability exists in the SD-330AC and AMC Manager products provided by silex technology, Inc. It is a heap-based buffer overflow that occurs when processing redirect URLs. This flaw can allow an attacker to execute arbitrary code on the affected device.

Impact Analysis

This vulnerability can have severe impacts as it allows an attacker to execute arbitrary code remotely without any privileges or user interaction. This could lead to full compromise of the affected device, including unauthorized access, data manipulation, or disruption of services.
