Critical Buffer Overflow Vulnerability in Silex Devices (CVE-2026-32956)
Severity: High (Score: 79.5)
Sources: vuldb.com, Feedly, exploit-intel.com, Thehackerwire, infosec.exchange
Summary
Silex Technology, Inc. has reported a critical heap-based buffer overflow vulnerability in its SD-330AC devices and AMC Manager software, identified as CVE-2026-32956. This vulnerability allows unauthenticated remote attackers to execute arbitrary code without user interaction, potentially leading to complete device compromise. The CVSS v3.1 base score for this vulnerability is 9.8, indicating high impacts on confidentiality, integrity, and availability.
A patch has been released, and users are urged to update their systems immediately. As an interim measure, restricting network access and disabling redirect URL processing features is recommended until patches are applied. Currently, there is no evidence of exploitation in the wild or public proof-of-concept available. This vulnerability poses a significant risk to organizations using affected devices. The urgency of the situation is emphasized by the critical severity rating assigned to the vulnerability.
Key Points:
- CVE-2026-32956 is a critical buffer overflow vulnerability with a CVSS score of 9.8.
- Affected systems include Silex SD-330AC devices and AMC Manager software versions 5.0.2 and earlier.
- Immediate patching is recommended due to the potential for complete device compromise.
Key Entities
- Zero-day Exploit (attack_type)
- CVE-2026-32324 (cve)
- CVE-2026-32956 (cve)
- CWE-122 - Heap-based Buffer Overflow (cwe)
- CWE-200 - Exposure of Sensitive Information (cwe)
- CWE-798 - Use of Hard-coded Credentials (cwe)
- T1021 - Remote Services (mitre_attack)
- AMC Manager (platform)
- Anviz CX7 Firmware (platform)
- Silex SD-330AC (platform)