CVE-2026-32964 | THREATINT

Description

SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences ('CRLF Injection') vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration.

PUBLISHED Reserved 2026-03-17 | Published 2026-04-20 | Updated 2026-04-20 | Assigner jpcert

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Problem types

Improper neutralization of CRLF sequences ('CRLF Injection')

Product status

Ver.1.42 and earlier

affected

Ver.5.0.2 and earlier

affected

References

www.silex.jp/support/security-advisories/en/2026-001

www.silex.jp/support/security-advisories/2026-001

jvn.jp/en/vu/JVNVU94271449/

cve.org (CVE-2026-32964)

nvd.nist.gov (CVE-2026-32964)

Download JSON