CVE-2026-32957
Published 2026-04-20
Priority: P3 · 36 · medium · 5.3 (CVSS 3.1)
AV:N · AC:L · PR:N · UI:N · S:U · C:N · I:L · A:N
EPSS: 0.27% (19.1th percentile)
SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue on firmware maintenance. An arbitrary file may be uploaded to the device without authentication.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| silex_technology_inc | amc_manager | — | — |
| silex_technology_inc | sd-330ac | — | — |
| silextechnology | amc_manager | < 5.1.0 | 5.1.0 |
| silextechnology | sd-330ac_firmware | < 1.50 | 1.50 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| nvd | v4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-332v-r8r4-hgh6: SD-330AC and AMC Manager provided by silex technology, Inc
ghsa_unreviewed·2026-04-20
CVE-2026-32957 [MEDIUM] CWE-306 GHSA-332v-r8r4-hgh6: SD-330AC and AMC Manager provided by silex technology, Inc
SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue on firmware maintenance. An arbitrary file may be uploaded to the device without authentication.
VulDB
silex SD-330AC/AMC Manager missing authentication
vuldb·2026-04-20·CVSS 6.9
CVE-2026-32957 [MEDIUM] silex SD-330AC/AMC Manager missing authentication
A vulnerability classified as critical has been found in silex SD-330AC and AMC Manager. This vulnerability affects unknown code. This manipulation causes missing authentication.
This vulnerability appears as CVE-2026-32957. It is feasible to perform the attack on the physical device. There is no available exploit.
It is recommended to upgrade the affected component.
No detection rules found.
No public exploits indexed.
Hackernews
22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
blogs_hackernews·2026-04-21·CVSS 7.5
CVE-2026-32955 [HIGH] 22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
## 22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them.
The vulnerabilities have been collectively codenamed BRIDGE:BREAK by Forescout Research Vedere Labs, which identified nearly 20,000 Serial-to-Ethernet converters exposed online globally.
"Some of these vulnerabilities allow attackers to take full control of mission-critical devices connected via serial links," the
Wiz
CVE-2025-32957 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
CVE-2025-32957 [HIGH] CVE-2025-32957 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-32957: PHP vulnerability analysis and mitigation
baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve arbitrary code execution when it is included. This issue has been patched in version 5.2.3.
Source: NVD
Score: 7.2
Published March 31, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
PHP
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20.2
Exploitation Probabili
Published: 2026-04-20