CVE-2026-32964
CRLF Injection in silex SD-330AC and AMC Manager Configuration
Publication date: 2026-04-20
Last updated on: 2026-04-22
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| silextechnology | sd-330ac_firmware | to 1.50 (exc) |
| silextechnology | amc_manager | to 5.1.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-93 | The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the SD-330AC and AMC Manager products by silex technology, Inc. It is an improper neutralization of CRLF sequences, also known as a CRLF Injection vulnerability. This means that when processing certain crafted configuration data, the system may incorrectly handle carriage return and line feed characters, allowing an attacker to inject arbitrary entries into the system configuration.
How can this vulnerability impact me? :
The vulnerability can lead to arbitrary entries being injected into the system configuration. This could potentially allow an attacker to manipulate system behavior or configuration settings, which may result in integrity and availability impacts on the affected system.