Action not permitted
Modal body text goes here.
Modal Title
Modal Body
jvndb-2026-012056
Vulnerability from jvndb
Published
2026-04-21 15:27
Modified
2026-04-21 15:27
Severity ?
Summary
Multiple vulnerabilities in silex technology SD-330AC and AMC Manager
Details
SD-330AC and AMC Manager provided by silex technology, Inc. contain multiple vulnerabilities listed below.<a href='https://cwe.mitre.org/data/definitions/121.html' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/122.html' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/306.html' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/321.html' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/327.html' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/226.html' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/122.html' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/306.html' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/79.html' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/93.html' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/1188.html' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/1395.html' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/266.html' target='_blank'></a><ul><li>Stack-based buffer overflow in processing the redirect URLs (CWE-121) - CVE-2026-32955</li><li>Heap-based buffer overflow in processing the redirect URLs (CWE-122) - CVE-2026-32956</li><li>Missing authentication for critical function on firmware maintenance (CWE-306) - CVE-2026-32957</li><li>Use of hard-coded cryptographic key (CWE-321) - CVE-2026-32958</li><li>Use of a broken or risky cryptographic algorithm (CWE-327) - CVE-2026-32959</li><li>Sensitive information in resource not removed before reuse (CWE-226) - CVE-2026-32960</li><li>Heap-based buffer overflow in packet data processing of sx_smpd (CWE-122) - CVE-2026-32961</li><li>Missing authentication for critical device setting function (CWE-306) - CVE-2026-32962</li><li>Reflected cross-site scripting (CWE-79) - CVE-2026-32963</li><li>CRLF injection (CWE-93) - CVE-2026-32964</li><li>Initialization of a resource with an insecure default (CWE-1188) - CVE-2026-32965</li><li>Dependency on vulnerable third-party component (CWE-1395) - CVE-2015-5621</li><li>Incorrect privilege assignment (CWE-266) - CVE-2024-24487</li></ul>Francesco La Spina of Forescout Technologies reported these vulnerabilities to CISA ICS. At the request of CISA ICS, JPCERT/CC coordinated with the developer.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-012056.html",
"dc:date": "2026-04-21T15:27+09:00",
"dcterms:issued": "2026-04-21T15:27+09:00",
"dcterms:modified": "2026-04-21T15:27+09:00",
"description": "SD-330AC and AMC Manager provided by silex technology, Inc. contain multiple vulnerabilities listed below.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/121.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/122.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/306.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/321.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/327.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/226.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/122.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/306.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/79.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/93.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/1188.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/1395.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/266.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eStack-based buffer overflow in processing the redirect URLs (CWE-121) - CVE-2026-32955\u003c/li\u003e\u003cli\u003eHeap-based buffer overflow in processing the redirect URLs (CWE-122) - CVE-2026-32956\u003c/li\u003e\u003cli\u003eMissing authentication for critical function on firmware maintenance (CWE-306) - CVE-2026-32957\u003c/li\u003e\u003cli\u003eUse of hard-coded cryptographic key (CWE-321) - CVE-2026-32958\u003c/li\u003e\u003cli\u003eUse of a broken or risky cryptographic algorithm (CWE-327) - CVE-2026-32959\u003c/li\u003e\u003cli\u003eSensitive information in resource not removed before reuse (CWE-226) - CVE-2026-32960\u003c/li\u003e\u003cli\u003eHeap-based buffer overflow in packet data processing of sx_smpd (CWE-122) - CVE-2026-32961\u003c/li\u003e\u003cli\u003eMissing authentication for critical device setting function (CWE-306) - CVE-2026-32962\u003c/li\u003e\u003cli\u003eReflected cross-site scripting (CWE-79) - CVE-2026-32963\u003c/li\u003e\u003cli\u003eCRLF injection (CWE-93) - CVE-2026-32964\u003c/li\u003e\u003cli\u003eInitialization of a resource with an insecure default (CWE-1188) - CVE-2026-32965\u003c/li\u003e\u003cli\u003eDependency on vulnerable third-party component (CWE-1395) - CVE-2015-5621\u003c/li\u003e\u003cli\u003eIncorrect privilege assignment (CWE-266) - CVE-2024-24487\u003c/li\u003e\u003c/ul\u003eFrancesco La Spina of Forescout Technologies reported these vulnerabilities to CISA ICS. At the request of CISA ICS, JPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-012056.html",
"sec:cpe": [
{
"#text": "cpe:/a:silex:amc_manager",
"@product": "AMC Manager",
"@vendor": "silex technology",
"@version": "2.2"
},
{
"#text": "cpe:/h:silex:sd_330ac",
"@product": "SD-330AC",
"@vendor": "silex technology",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-012056",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU94271449/index.html",
"@id": "JVNVU#94271449",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2015-5621",
"@id": "CVE-2015-5621",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-24487",
"@id": "CVE-2024-24487",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-32955",
"@id": "CVE-2026-32955",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-32956",
"@id": "CVE-2026-32956",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-32957",
"@id": "CVE-2026-32957",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-32958",
"@id": "CVE-2026-32958",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-32959",
"@id": "CVE-2026-32959",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-32960",
"@id": "CVE-2026-32960",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-32961",
"@id": "CVE-2026-32961",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-32962",
"@id": "CVE-2026-32962",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-32963",
"@id": "CVE-2026-32963",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-32964",
"@id": "CVE-2026-32964",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-32965",
"@id": "CVE-2026-32965",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/1188.html",
"@id": "CWE-1188",
"@title": "Insecure Default Initialization of Resource(CWE-1188)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/121.html",
"@id": "CWE-121",
"@title": "Stack-based Buffer Overflow(CWE-121)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/122.html",
"@id": "CWE-122",
"@title": "Heap-based Buffer Overflow(CWE-122)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/1395.html",
"@id": "CWE-1395",
"@title": "Dependency on Vulnerable Third-Party Component(CWE-1395)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/226.html",
"@id": "CWE-226",
"@title": "Sensitive Information in Resource Not Removed Before Reuse(CWE-226)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/266.html",
"@id": "CWE-266",
"@title": "Incorrect Privilege Assignment(CWE-266)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/306.html",
"@id": "CWE-306",
"@title": "Missing Authentication for Critical Function(CWE-306)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/321.html",
"@id": "CWE-321",
"@title": "Use of Hard-coded Cryptographic Key(CWE-321)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/327.html",
"@id": "CWE-327",
"@title": "Use of a Broken or Risky Cryptographic Algorithm(CWE-327)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/93.html",
"@id": "CWE-93",
"@title": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)(CWE-93)"
}
],
"title": "Multiple vulnerabilities in silex technology SD-330AC and AMC Manager"
}
CVE-2026-32959 (GCVE-0-2026-32959)
Vulnerability from cvelistv5
Published
2026-04-20 03:18
Modified
2026-04-20 13:56
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-327 - Use of a broken or risky cryptographic algorithm
Summary
SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| silex technology, Inc. | SD-330AC |
Version: Ver.1.42 and earlier |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T13:56:19.084152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T13:56:27.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SD-330AC",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.1.42 and earlier"
}
]
},
{
"product": "AMC Manager",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.5.0.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "Use of a broken or risky cryptographic algorithm",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T03:18:56.184Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.silex.jp/support/security-advisories/en/2026-001"
},
{
"url": "https://www.silex.jp/support/security-advisories/2026-001"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94271449/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32959",
"datePublished": "2026-04-20T03:18:56.184Z",
"dateReserved": "2026-03-17T00:23:24.980Z",
"dateUpdated": "2026-04-20T13:56:27.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32956 (GCVE-0-2026-32956)
Vulnerability from cvelistv5
Published
2026-04-20 03:20
Modified
2026-04-20 13:36
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based buffer overflow
Summary
SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| silex technology, Inc. | SD-330AC |
Version: Ver.1.42 and earlier |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T13:20:29.854302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T13:36:04.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SD-330AC",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.1.42 and earlier"
}
]
},
{
"product": "AMC Manager",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.5.0.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T03:20:01.225Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.silex.jp/support/security-advisories/en/2026-001"
},
{
"url": "https://www.silex.jp/support/security-advisories/2026-001"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94271449/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32956",
"datePublished": "2026-04-20T03:20:01.225Z",
"dateReserved": "2026-03-17T00:23:24.980Z",
"dateUpdated": "2026-04-20T13:36:04.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32965 (GCVE-0-2026-32965)
Vulnerability from cvelistv5
Published
2026-04-20 03:17
Modified
2026-04-20 14:23
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-1188 - Initialization of a resource with an insecure default
Summary
Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial (factory-default) configuration, the device can be configured with the null string password.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| silex technology, Inc. | SD-330AC |
Version: Ver.1.42 and earlier |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T14:23:30.435627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T14:23:36.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SD-330AC",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.1.42 and earlier"
}
]
},
{
"product": "AMC Manager",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.5.0.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial (factory-default) configuration, the device can be configured with the null string password."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "Initialization of a resource with an insecure default",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T03:17:33.917Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.silex.jp/support/security-advisories/en/2026-001"
},
{
"url": "https://www.silex.jp/support/security-advisories/2026-001"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94271449/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32965",
"datePublished": "2026-04-20T03:17:33.917Z",
"dateReserved": "2026-03-17T00:23:24.981Z",
"dateUpdated": "2026-04-20T14:23:36.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32964 (GCVE-0-2026-32964)
Vulnerability from cvelistv5
Published
2026-04-20 03:17
Modified
2026-04-20 14:08
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-93 - Improper neutralization of CRLF sequences ('CRLF Injection')
Summary
SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences ('CRLF Injection') vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| silex technology, Inc. | SD-330AC |
Version: Ver.1.42 and earlier |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T14:08:43.843940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T14:08:52.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SD-330AC",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.1.42 and earlier"
}
]
},
{
"product": "AMC Manager",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.5.0.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences (\u0027CRLF Injection\u0027) vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "Improper neutralization of CRLF sequences (\u0027CRLF Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T03:17:52.839Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.silex.jp/support/security-advisories/en/2026-001"
},
{
"url": "https://www.silex.jp/support/security-advisories/2026-001"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94271449/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32964",
"datePublished": "2026-04-20T03:17:52.839Z",
"dateReserved": "2026-03-17T00:23:24.981Z",
"dateUpdated": "2026-04-20T14:08:52.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32960 (GCVE-0-2026-32960)
Vulnerability from cvelistv5
Published
2026-04-20 03:18
Modified
2026-04-20 13:57
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-226 - Sensitive information in resource not removed before reuse
Summary
SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse. An attacker may login to the device without knowing the password by sending a crafted packet.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| silex technology, Inc. | SD-330AC |
Version: Ver.1.42 and earlier |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T13:57:04.903633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T13:57:13.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SD-330AC",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.1.42 and earlier"
}
]
},
{
"product": "AMC Manager",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.5.0.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse. An attacker may login to the device without knowing the password by sending a crafted packet."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-226",
"description": "Sensitive information in resource not removed before reuse",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T03:18:47.538Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.silex.jp/support/security-advisories/en/2026-001"
},
{
"url": "https://www.silex.jp/support/security-advisories/2026-001"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94271449/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32960",
"datePublished": "2026-04-20T03:18:47.538Z",
"dateReserved": "2026-03-17T00:23:24.981Z",
"dateUpdated": "2026-04-20T13:57:13.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32963 (GCVE-0-2026-32963)
Vulnerability from cvelistv5
Published
2026-04-20 03:18
Modified
2026-04-20 14:04
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site scripting (XSS)
Summary
SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device and access some crafted web page, arbitrary script may be executed on the user's browser.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| silex technology, Inc. | SD-330AC |
Version: Ver.1.42 and earlier |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T14:04:14.460369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T14:04:22.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SD-330AC",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.1.42 and earlier"
}
]
},
{
"product": "AMC Manager",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.5.0.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device and access some crafted web page, arbitrary script may be executed on the user\u0027s browser."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T03:18:07.431Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.silex.jp/support/security-advisories/en/2026-001"
},
{
"url": "https://www.silex.jp/support/security-advisories/2026-001"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94271449/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32963",
"datePublished": "2026-04-20T03:18:07.431Z",
"dateReserved": "2026-03-17T00:23:24.981Z",
"dateUpdated": "2026-04-20T14:04:22.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32955 (GCVE-0-2026-32955)
Vulnerability from cvelistv5
Published
2026-04-20 03:19
Modified
2026-04-20 13:36
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based buffer overflow
Summary
SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| silex technology, Inc. | SD-330AC |
Version: Ver.1.42 and earlier |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T13:20:14.696625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T13:36:04.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SD-330AC",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.1.42 and earlier"
}
]
},
{
"product": "AMC Manager",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.5.0.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T03:19:47.937Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.silex.jp/support/security-advisories/en/2026-001"
},
{
"url": "https://www.silex.jp/support/security-advisories/2026-001"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94271449/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32955",
"datePublished": "2026-04-20T03:19:47.937Z",
"dateReserved": "2026-03-17T00:23:24.980Z",
"dateUpdated": "2026-04-20T13:36:04.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-24487 (GCVE-0-2024-24487)
Vulnerability from cvelistv5
Published
2024-04-15 00:00
Modified
2024-08-01 23:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:silex:ds-600_firmware:1.4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ds-600_firmware",
"vendor": "silex",
"versions": [
{
"status": "affected",
"version": "1.4.1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-24487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T18:49:40.544364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T16:52:26.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:19:52.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://raw.githubusercontent.com/MostafaSoliman/Security-Advisories/master/CVE-2024-24487"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-15T18:46:57.471Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://raw.githubusercontent.com/MostafaSoliman/Security-Advisories/master/CVE-2024-24487"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-24487",
"datePublished": "2024-04-15T00:00:00.000Z",
"dateReserved": "2024-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-01T23:19:52.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-32958 (GCVE-0-2026-32958)
Vulnerability from cvelistv5
Published
2026-04-20 03:19
Modified
2026-04-20 13:19
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-321 - Use of hard-coded cryptographic key
Summary
SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| silex technology, Inc. | SD-330AC |
Version: Ver.1.42 and earlier |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32958",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T13:19:18.750535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T13:19:40.008Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SD-330AC",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.1.42 and earlier"
}
]
},
{
"product": "AMC Manager",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.5.0.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of hard-coded cryptographic key",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T03:19:16.492Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.silex.jp/support/security-advisories/en/2026-001"
},
{
"url": "https://www.silex.jp/support/security-advisories/2026-001"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94271449/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32958",
"datePublished": "2026-04-20T03:19:16.492Z",
"dateReserved": "2026-03-17T00:23:24.980Z",
"dateUpdated": "2026-04-20T13:19:40.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32962 (GCVE-0-2026-32962)
Vulnerability from cvelistv5
Published
2026-04-20 03:18
Modified
2026-04-20 14:52
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing authentication for critical function
Summary
SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue. The device configuration may be altered without authentication.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| silex technology, Inc. | SD-330AC |
Version: Ver.1.42 and earlier |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T14:52:08.258698Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T14:52:15.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SD-330AC",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.1.42 and earlier"
}
]
},
{
"product": "AMC Manager",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.5.0.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue. The device configuration may be altered without authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing authentication for critical function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T03:18:25.122Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.silex.jp/support/security-advisories/en/2026-001"
},
{
"url": "https://www.silex.jp/support/security-advisories/2026-001"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94271449/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32962",
"datePublished": "2026-04-20T03:18:25.122Z",
"dateReserved": "2026-03-17T00:23:24.981Z",
"dateUpdated": "2026-04-20T14:52:15.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32957 (GCVE-0-2026-32957)
Vulnerability from cvelistv5
Published
2026-04-20 03:19
Modified
2026-04-20 13:36
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing authentication for critical function
Summary
SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue on firmware maintenance. Arbitrary file may be uploaded on the device without authentication.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| silex technology, Inc. | SD-330AC |
Version: Ver.1.42 and earlier |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T13:19:59.658698Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T13:36:04.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SD-330AC",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.1.42 and earlier"
}
]
},
{
"product": "AMC Manager",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.5.0.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue on firmware maintenance. Arbitrary file may be uploaded on the device without authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing authentication for critical function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T03:19:35.581Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.silex.jp/support/security-advisories/en/2026-001"
},
{
"url": "https://www.silex.jp/support/security-advisories/2026-001"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94271449/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32957",
"datePublished": "2026-04-20T03:19:35.581Z",
"dateReserved": "2026-03-17T00:23:24.980Z",
"dateUpdated": "2026-04-20T13:36:04.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32961 (GCVE-0-2026-32961)
Vulnerability from cvelistv5
Published
2026-04-20 03:18
Modified
2026-04-20 13:57
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based buffer overflow
Summary
SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in packet data processing of sx_smpd. Processing a crafted packet may cause a temporary denial-of-service (DoS) condition.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| silex technology, Inc. | SD-330AC |
Version: Ver.1.42 and earlier |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T13:57:49.945676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T13:57:57.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SD-330AC",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.1.42 and earlier"
}
]
},
{
"product": "AMC Manager",
"vendor": "silex technology, Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.5.0.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in packet data processing of sx_smpd. Processing a crafted packet may cause a temporary denial-of-service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T03:18:37.055Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.silex.jp/support/security-advisories/en/2026-001"
},
{
"url": "https://www.silex.jp/support/security-advisories/2026-001"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94271449/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32961",
"datePublished": "2026-04-20T03:18:37.055Z",
"dateReserved": "2026-03-17T00:23:24.981Z",
"dateUpdated": "2026-04-20T13:57:57.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2015-5621 (GCVE-0-2015-5621)
Vulnerability from cvelistv5
Published
2015-08-19 15:00
Modified
2025-12-04 17:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:02.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2015:1502",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00004.html"
},
{
"name": "45547",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45547/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/"
},
{
"name": "RHSA-2015:1636",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1636.html"
},
{
"name": "1033304",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033304"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212408"
},
{
"name": "USN-2711-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2711-1"
},
{
"name": "[oss-security] 20150416 Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/16/15"
},
{
"name": "[oss-security] 20150413 net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/13/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX209443"
},
{
"name": "DSA-4154",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4154"
},
{
"name": "[oss-security] 20150731 Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/31/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/net-snmp/bugs/2615/"
},
{
"name": "76380",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76380"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2015-5621",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-04T17:20:51.406908Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T17:20:54.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-11T10:06:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2015:1502",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00004.html"
},
{
"name": "45547",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45547/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/"
},
{
"name": "RHSA-2015:1636",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1636.html"
},
{
"name": "1033304",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033304"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212408"
},
{
"name": "USN-2711-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2711-1"
},
{
"name": "[oss-security] 20150416 Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/16/15"
},
{
"name": "[oss-security] 20150413 net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/13/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX209443"
},
{
"name": "DSA-4154",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4154"
},
{
"name": "[oss-security] 20150731 Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/31/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/net-snmp/bugs/2615/"
},
{
"name": "76380",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76380"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:1502",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00004.html"
},
{
"name": "45547",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45547/"
},
{
"name": "http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/"
},
{
"name": "RHSA-2015:1636",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1636.html"
},
{
"name": "1033304",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033304"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212408",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212408"
},
{
"name": "USN-2711-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2711-1"
},
{
"name": "[oss-security] 20150416 Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/16/15"
},
{
"name": "[oss-security] 20150413 net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/13/1"
},
{
"name": "http://support.citrix.com/article/CTX209443",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX209443"
},
{
"name": "DSA-4154",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4154"
},
{
"name": "[oss-security] 20150731 Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/31/1"
},
{
"name": "https://sourceforge.net/p/net-snmp/bugs/2615/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/net-snmp/bugs/2615/"
},
{
"name": "76380",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76380"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5621",
"datePublished": "2015-08-19T15:00:00.000Z",
"dateReserved": "2015-07-22T00:00:00.000Z",
"dateUpdated": "2025-12-04T17:20:54.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…