Silex Technology SD-330AC and AMC Manager Authentication Bypass Vulnerability
Vulnerability
An authentication bypass vulnerability has been identified in Silex Technology's SD-330AC device and AMC Manager software, affecting several versions. The vulnerability arises from sensitive information not being properly cleared before reuse, allowing an attacker to log into the device by sending a crafted packet, bypassing the need for a password.
Impact
Exploitation of this vulnerability allows an attacker to reuse the authentication credentials of an already authenticated administrator, gaining administrator privileges on the device.
Remediation
Users are advised to update the SD-330AC firmware to version 1.50 or later, or to update AMC Manager to version 5.1.0 or later. After updating, it is mandatory to set an administrator password for the SD-330AC device, because a device without a password can be exploited to gain administrative access.
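A fleet check for the remediation above, as an added example that is not code from Silex or from this advisory: it flags inventory records below the fixed versions and SD-330AC units with no administrator password. The record fields (`product`, `version`, `admin_password_set`) and the sample hosts are constructed, and versions are assumed to compare as dotted integers.

```python
# Added example: audit an inventory against the advisory's remediation.
FIXED = {"SD-330AC": (1, 50), "AMC Manager": (5, 1, 0)}  # fixed versions from the advisory


def parse_version(text):
    """Parse '1.50' or 'v5.1.0' into a tuple of ints (assumed numbering scheme)."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_fixed(product, version):
    """True if version is at or above the fixed release for product."""
    fixed, seen = FIXED[product], parse_version(version)
    width = max(len(fixed), len(seen))
    pad = lambda t: t + (0,) * (width - len(t))  # so 5.1 compares equal to 5.1.0
    return pad(seen) >= pad(fixed)


def audit(record):
    """Return the remediation findings for one inventory record."""
    product = record.get("product")
    if product not in FIXED:
        return ["product not covered by this advisory"]
    findings = []
    try:
        if not is_fixed(product, str(record.get("version") or "")):
            findings.append("update required")
    except ValueError:
        findings.append("version unreadable, verify manually")
    # The advisory requires a password even after the firmware update.
    if product == "SD-330AC" and not record.get("admin_password_set", False):
        findings.append("administrator password not set")
    return findings


# Constructed sample inventory (hypothetical field names and hosts).
INVENTORY = [
    {"host": "ds-01", "product": "SD-330AC", "version": "1.49", "admin_password_set": True},
    {"host": "ds-02", "product": "SD-330AC", "version": "1.50", "admin_password_set": False},
    {"host": "ds-03", "product": "SD-330AC", "version": "1.50", "admin_password_set": True},
    {"host": "mgmt-01", "product": "AMC Manager", "version": "5.0.9"},
    {"host": "mgmt-02", "product": "AMC Manager", "version": "5.1"},
]

if __name__ == "__main__":
    for rec in INVENTORY:
        print(rec["host"], audit(rec) or "ok")
```

A record with a missing or unreadable version is reported for manual verification rather than treated as patched.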
