CVE-2026-32960
Received Received - Intake
Unauthorized Access via Sensitive Data Exposure in Silex SD-330AC

Publication date: 2026-04-20

Last updated on: 2026-04-22

Assigner: JPCERT/CC

Description
SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse. An attacker may login to the device without knowing the password by sending a crafted packet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-20
Last Modified
2026-04-22
Generated
2026-06-16
AI Q&A
2026-04-20
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32960
EUVD
EUVD-2026-23753
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
silextechnology sd-330ac_firmware to 1.50 (exc)
silextechnology amc_manager to 5.1.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-226 The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in the SD-330AC and AMC Manager products by silex technology, Inc. It involves sensitive information in a resource that is not removed before reuse. This flaw allows an attacker to log into the device without knowing the password by sending a specially crafted packet.

Impact Analysis

This vulnerability can allow an attacker to gain unauthorized access to the affected devices without needing the password. This unauthorized access could lead to potential misuse or manipulation of the device, compromising its integrity and security.

Compliance Impact

The vulnerability allows an attacker to login to the device without knowing the password by sending a crafted packet, due to sensitive information in a resource not being removed before reuse.

This unauthorized access could potentially lead to unauthorized disclosure or modification of information, which may impact compliance with standards and regulations that require protection of sensitive data, such as GDPR and HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32960. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart