CVE-2026-32964
PUBLISHED
CVSS 8.8 HIGH
SD-330AC and AMC Manager provided by silex technology, Inc. contain multiple vulnerabilities listed below.
<ul>
<li>Stack-based buffer overflow in processing the redirect URLs (CWE-121) - CVE-2026-32955</li>
<li>Heap-based buffer overflow in processing the redirect URLs (CWE-122) - CVE-2026-32956</li>
<li>Missing authentication for critical function on firmware maintenance (CWE-306) - CVE-2026-32957</li>
<li>Use of hard-coded cryptographic key (CWE-321) - CVE-2026-32958</li>
<li>Use of a broken or risky cryptographic algorithm (CWE-327) - CVE-2026-32959</li>
<li>Sensitive information in resource not removed before reuse (CWE-226) - CVE-2026-32960</li>
<li>Heap-based buffer overflow in packet data processing of sx_smpd (CWE-122) - CVE-2026-32961</li>
<li>Missing authentication for critical device setting function (CWE-306) - CVE-2026-32962</li>
<li>Reflected cross-site scripting (CWE-79) - CVE-2026-32963</li>
<li>CRLF injection (CWE-93) - CVE-2026-32964</li>
<li>Initialization of a resource with an insecure default (CWE-1188) - CVE-2026-32965</li>
<li>Dependency on vulnerable third-party component (CWE-1395) - CVE-2015-5621</li>
<li>Incorrect privilege assignment (CWE-266) - CVE-2024-24487</li>
</ul>
Francesco La Spina of Forescout Technologies reported these vulnerabilities to CISA ICS. At the request of CISA ICS, JPCERT/CC coordinated with the developer.