Silex SD-330AC and AMC Manager RCE via CVE-2026-32956 — Patch Now
- Attackers can execute code or alter configurations without authentication on worldwide Silex wireless bridges and management software.
- Affected systems include Silex SD-330AC versions 1.42 and earlier, and AMC Manager versions 5.0.2 and below.
- Organizations should update SD-330AC to firmware Ver 1.50 and AMC Manager to Ver 5.1.0 to eliminate critical vulnerabilities.
Vulnerability Overview
Silex Technology, a Japanese manufacturer of wireless networking solutions, has disclosed thirteen vulnerabilities affecting its SD-330AC wireless bridge and AMC Manager software. According to the advisory published by CISA, the most severe of these flaws is CVE-2026-32956, which carries a CVSS v3.1 base score of 9.8. This critical heap-based buffer overflow can allow an unauthenticated remote attacker to execute arbitrary code with the highest privileges on the device.
These products are deployed globally within the Information Technology and Critical Infrastructure sectors. The vulnerabilities were reported to CISA by researcher Francesco La Spina of Forescout Technologies. If successfully exploited, an attacker could gain complete control over the network bridge, manipulate device configurations, or cause a persistent denial-of-service (DoS) state.
Technical Analysis and Impact
The breadth of the CVE list indicates significant security gaps in the device’s web management interface and underlying communication protocols. The vulnerabilities range from memory corruption issues to insecure defaults.
Critical Memory Corruption Risks
The primary concern for security teams is the risk of RCE. Beyond the heap overflow, CVE-2026-32955 describes a stack-based buffer overflow (CVSS 8.8) that provides another vector for code execution, though in certain configurations it requires some level of prior privilege escalation or specific authentication. When planning mitigation for the CVE-2026-32956 heap-based buffer overflow, defenders should note that memory corruption flaws of this kind often reside in the services that handle HTTP requests.
Authentication and Configuration Failures
Several vulnerabilities highlight a failure to implement proper access controls:
- CVE-2026-32957: A missing authentication flaw for critical functions that allows unauthenticated file uploads.
- CVE-2026-32962: Allows an attacker to alter the device configuration without any credentials.
- CVE-2026-32965: An insecure default during resource initialization that allows the device to be configured with a null string (empty) password.
Furthermore, CVE-2026-32958 involves the use of hard-coded cryptographic keys. This could facilitate man-in-the-middle attacks where an administrator is tricked into applying a malicious firmware update.
Third-Party Component Risks
The advisory also includes CVE-2015-5621, a decade-old vulnerability in the net-snmp library (version 5.7.2 and earlier). This flaw allows remote attackers to cause a crash (DoS) due to improper parsing of SNMP PDUs. Its presence indicates that the affected Silex products have been relying on outdated and vulnerable third-party libraries, heightening the risk to the environment.
How to Detect Exploitation of the Silex AMC Manager RCE
Defenders should monitor network traffic for abnormal UDP and HTTP packets directed at Silex SD-330AC devices and AMC Manager instances. Specifically, look for large, malformed payloads that attempt to trigger buffer overflows in the management interface. Additionally, monitor for unexpected EXEC REBOOT SYSTEM commands via UDP, as CVE-2024-24487 identifies these as a method for causing a system reboot and DoS. Any unauthenticated POST requests to configuration endpoints should be treated as highly suspicious and investigated by the SOC.
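The indicators above expressed as detection logic, as an added example that is not from the advisory or from Silex: the management ports, the 4096-byte body threshold and the `/config` and `/settings` path pattern are assumptions, and the traffic records are constructed.

```python
import re

MGMT_PORTS = {80, 443}       # assumed web-management ports on the bridge
MAX_SANE_BODY = 4096         # assumed upper bound for legitimate config posts
CONFIG_PATH = re.compile(r"^/(config|settings)", re.I)  # placeholder endpoint pattern
REBOOT_MARKER = b"EXEC REBOOT SYSTEM"  # UDP command string named in the advisory


def classify_event(ev):
    """Return alert reasons for one traffic record (empty list if benign).
    TCP keys: src, dport, method, path, length, authenticated; UDP: src, payload."""
    reasons = []
    if ev["proto"] == "udp":
        if REBOOT_MARKER in ev.get("payload", b""):
            reasons.append("EXEC REBOOT SYSTEM over UDP (CVE-2024-24487 pattern)")
        return reasons
    if ev["dport"] not in MGMT_PORTS:
        return reasons
    if ev.get("length", 0) > MAX_SANE_BODY:
        reasons.append("oversized request to management interface")
    if (ev.get("method") == "POST" and CONFIG_PATH.match(ev.get("path", ""))
            and not ev.get("authenticated")):
        reasons.append("unauthenticated POST to configuration endpoint")
    return reasons


def triage(events):
    """Group distinct alert reasons by source address for SOC follow-up."""
    findings = {}
    for ev in events:
        for reason in classify_event(ev):
            findings.setdefault(ev["src"], set()).add(reason)
    return findings


# Constructed sample records (RFC 5737 documentation addresses, not real hosts).
SAMPLE_EVENTS = [
    {"proto": "tcp", "src": "192.0.2.10", "dport": 443, "method": "POST",
     "path": "/config/network", "length": 312, "authenticated": True},
    {"proto": "tcp", "src": "198.51.100.7", "dport": 80, "method": "POST",
     "path": "/config/network", "length": 280, "authenticated": False},
    {"proto": "tcp", "src": "198.51.100.7", "dport": 80, "method": "POST",
     "path": "/upload", "length": 65536, "authenticated": False},
    {"proto": "udp", "src": "203.0.113.5", "payload": b"EXEC REBOOT SYSTEM\n"},
]

if __name__ == "__main__":
    for src, reasons in sorted(triage(SAMPLE_EVENTS).items()):
        print(src, "->", "; ".join(sorted(reasons)))
```

The authenticated, small configuration post from 192.0.2.10 produces no finding, while the other two sources are grouped with every reason they triggered.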
Remediation and Mitigation Strategies
The most effective remediation is the immediate application of the Silex Technology SD-330AC firmware Ver 1.50 patch and updating AMC Manager to version 5.1.0 or later. These updates address the core logic flaws and update vulnerable dependencies.
For organizations unable to patch immediately, CISA and Silex recommend several compensatory measures:
- Disable Vulnerable Services: For vulnerabilities like CVE-2026-32955 and CVE-2026-32956, administrators should disable the HTTP/HTTPS management services if they are not strictly required for operations.
- SNMP Mitigation: Disable the SNMP service to mitigate the risks associated with the aging CVE-2015-5621 flaw.
- Secure Access: Set a strong password for the settings web interface to counteract CVE-2026-32965.
- Network Segmentation: Isolate control system networks from the business network and ensure these devices are never exposed directly to the internet.
- VPN Utilization: When remote access is necessary, use a secure VPN method and ensure the VPN software itself is fully patched.