CVE-2026-32960
Unauthorized Access via Sensitive Data Exposure in Silex SD-330AC
Publication date: 2026-04-20
Last updated on: 2026-04-22
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| silextechnology | sd-330ac_firmware | to 1.50 (exc) |
| silextechnology | amc_manager | to 5.1.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-226 | The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the SD-330AC and AMC Manager products by silex technology, Inc. It involves sensitive information in a resource that is not removed before reuse. This flaw allows an attacker to log into the device without knowing the password by sending a specially crafted packet.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to gain unauthorized access to the affected devices without needing the password. This unauthorized access could lead to potential misuse or manipulation of the device, compromising its integrity and security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an attacker to login to the device without knowing the password by sending a crafted packet, due to sensitive information in a resource not being removed before reuse.
This unauthorized access could potentially lead to unauthorized disclosure or modification of information, which may impact compliance with standards and regulations that require protection of sensitive data, such as GDPR and HIPAA.