CVE-2026-32956
Received - Intake
Heap-Based Buffer Overflow in Silex SD-330AC Enables Code Execution

Publication date: 2026-04-20

Last updated on: 2026-04-22

Assigner: JPCERT/CC

Description
SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.
Meta Information
Published: 2026-04-20
Last Modified: 2026-04-22
Generated: 2026-05-07
AI Q&A: 2026-04-20
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor | Product | Version / Range
silextechnology | sd-330ac_firmware | to 1.50 (exclusive)
silextechnology | amc_manager | to 5.1.0 (exclusive)
CWE ID | Description
CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact or implications of CVE-2026-32956 on compliance with common standards and regulations such as GDPR or HIPAA.


Can you explain this vulnerability to me?

The vulnerability exists in the SD-330AC and AMC Manager products provided by silex technology, Inc. It is a heap-based buffer overflow that occurs when processing redirect URLs. This flaw can allow an attacker to execute arbitrary code on the affected device.


How can this vulnerability impact me?

This vulnerability can have severe impacts as it allows an attacker to execute arbitrary code remotely without any privileges or user interaction. This could lead to full compromise of the affected device, including unauthorized access, data manipulation, or disruption of services.


What immediate steps should I take to mitigate this vulnerability?

To mitigate the CVE-2026-32956 vulnerability, the immediate recommended step is to disable the HTTP/HTTPS services on the affected device to prevent access to the vulnerable web interface.

Additionally, applying the vendor-provided firmware update to SD-330AC version 1.50 or later and AMC Manager version 5.1.0 or later is strongly advised. These updates address this and other related vulnerabilities by enforcing mandatory administrator password setup, disabling firmware downgrades, and requiring updated management tools for compatibility.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

The CVE-2026-32956 vulnerability affects the SD-330AC and AMC Manager products by silex technology, Inc., specifically involving a heap-based buffer overflow in processing redirect URLs on the device's web configuration interface.

Detection typically involves identifying devices running vulnerable firmware versions (SD-330AC version 1.42 and earlier, AMC Manager version 5.0.2 and earlier) on your local network.

Since the vulnerability is exploitable via HTTP/HTTPS services on the device, you can scan your network for devices exposing these services and check their firmware versions.

  • Use network scanning tools like nmap to detect devices with open HTTP/HTTPS ports (usually ports 80 and 443):
      nmap -p 80,443 --open -sV <target-network-range>
  • Once identified, access the device's web interface to check the firmware version or use device management tools to query firmware versions remotely.
  • Look for firmware versions 1.42 or earlier on SD-330AC and 5.0.2 or earlier on AMC Manager, which are vulnerable.

There are no specific commands or automated detection scripts provided in the available resources for directly detecting exploitation attempts or the vulnerability itself.

The recommended mitigation is to update the firmware to version 1.50 or later for SD-330AC and 5.1.0 or later for AMC Manager, or to disable HTTP/HTTPS services on the affected devices to prevent exploitation.
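
The triage steps above can be scripted as follows. This is an added example, not code from the vendor or from this page's sources. It assumes the nmap scan was saved in grepable form (`-oG`) and that firmware versions were collected separately into an inventory; the function names, sample scan lines and inventory are constructed for illustration.

```python
import re

# Fixed releases from the page's affected-products table; anything lower is affected.
FIXED = {"sd-330ac_firmware": (1, 50), "amc_manager": (5, 1, 0)}

def parse_version(text):
    """Assumption: versions are dotted integers such as '1.42' or '5.0.2'."""
    return tuple(int(part) for part in text.strip().split("."))

def is_affected(product, version):
    fixed, seen = FIXED[product], parse_version(version)
    width = max(len(fixed), len(seen))
    pad = lambda t: t + (0,) * (width - len(t))  # so 5.1 compares equal to 5.1.0
    return pad(seen) < pad(fixed)

def web_hosts(grepable):
    """Map host -> open web ports (80/443) from `nmap -oG` output."""
    hosts = {}
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: ([^\t]*)", line)
        if not m:
            continue  # "Status:" lines and comments carry no port list
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")
            if len(fields) > 1 and fields[1] == "open" and fields[0] in ("80", "443"):
                hosts.setdefault(m.group(1), []).append(int(fields[0]))
    return hosts

def triage(grepable, inventory):
    """Return {host: status}; hosts missing from the inventory need a manual check."""
    result = {}
    for host in web_hosts(grepable):
        if host not in inventory:
            result[host] = "unidentified"
        else:
            result[host] = "affected" if is_affected(*inventory[host]) else "fixed"
    return result

# Constructed sample data (documentation addresses, not real scan output).
SAMPLE_SCAN = "\n".join([
    "Host: 192.0.2.10 ()\tStatus: Up",
    "Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///",
    "Host: 192.0.2.11 ()\tPorts: 443/open/tcp//https///",
    "Host: 192.0.2.12 ()\tPorts: 80/open/tcp//http///",
    "Host: 192.0.2.13 ()\tPorts: 80/closed/tcp//http///",
])
SAMPLE_INVENTORY = {"192.0.2.10": ("sd-330ac_firmware", "1.42"),
                    "192.0.2.11": ("amc_manager", "5.1.0")}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_SCAN, SAMPLE_INVENTORY).items():
        print(host, status)
```

Hosts reported as "unidentified" expose a web service but have no recorded firmware version, so they still need the manual version check described in the list above.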

