Silex Technology SD-330AC and AMC Manager Hard-Coded Cryptographic Key Vulnerability
Vulnerability
A vulnerability exists in Silex Technology's SD-330AC device and AMC Manager software, both of which are affected by a hard-coded cryptographic key. This flaw allows an administrative user to be misled into applying a fraudulent firmware update. The vulnerability arises because the hard-coded key can be exploited to authenticate tampered firmware as legitimate.
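Why a key shipped inside a product cannot authenticate firmware, shown as an added example that is not code from this advisory or from Silex Technology. The advisory does not say how the key is used; this sketch assumes an HMAC-SHA-256 tag computed under the embedded key, and `embeddedKey`, the sample images and every function name are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// embeddedKey is a constructed placeholder for a secret compiled into every
// copy of a product; it is not a value from any real device.
var embeddedKey = []byte("constructed-demo-key")

// macTag is what vendor and device both compute in the assumed scheme.
func macTag(key, image []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(image)
	return m.Sum(nil)
}

// verifyShared is the weak check: it proves only that the sender knew a key
// that every shipped unit also contains.
func verifyShared(image, tag []byte) bool {
	return hmac.Equal(macTag(embeddedKey, image), tag)
}

// verifySigned is the hardened check: the product stores a public key only,
// so nothing recoverable from it can produce a valid signature.
func verifySigned(pub ed25519.PublicKey, image, sig []byte) bool {
	return ed25519.Verify(pub, image, sig)
}

// demo reports: altered image passes the shared-key check, altered image
// passes the signature check, genuine image passes the signature check.
func demo() (bool, bool, bool) {
	genuine := []byte("firmware image v1 (constructed)")
	modified := []byte("firmware image v1 (constructed, altered)")
	// Anyone holding embeddedKey can tag any image, so the check says nothing.
	sharedAccepts := verifyShared(modified, macTag(embeddedKey, modified))
	// The private key stays with the vendor; only pub ships in the product.
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	sig := ed25519.Sign(priv, genuine)
	return sharedAccepts, verifySigned(pub, modified, sig), verifySigned(pub, genuine, sig)
}

func main() { fmt.Println(demo()) }
```

With the shared key the altered image verifies; with a vendor-held signing key only the genuine image does.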
Impact
Exploitation of this vulnerability could result in an administrative user being tricked into installing a fake firmware update, potentially leading to unauthorized changes or disruptions in device functionality.
Remediation
Users are advised to update the SD-330AC device to firmware version 1.50 or later, and to update AMC Manager to version 5.1.0 or later. After updating, it is recommended to set a password for the web configuration interface to prevent unauthorized access.
