CVE-2026-32958
Received
Received - Intake
Hard-Coded Key in Silex SD-330AC Enables Firmware Spoofing
Publication date: 2026-04-20
Last updated on: 2026-04-22
Assigner: JPCERT/CC
Description
Description
SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| silextechnology | sd-330ac_firmware | to 1.50 (exc) |
| silextechnology | amc_manager | to 5.1.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the SD-330AC and AMC Manager products from silex technology, Inc., which use a hard-coded cryptographic key. Because of this, an administrative user could be tricked into applying a fake firmware update.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker could potentially cause an administrative user to install a malicious firmware update. This could lead to unauthorized changes or compromise of the affected device's integrity.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70