Silex Technology SD-330AC and AMC Manager Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the SD-330AC device and the AMC Manager application, both provided by Silex Technology, Inc. This vulnerability affects SD-330AC versions through 1.42 and AMC Manager versions through 5.0.2. When a user logs into the affected device and accesses a crafted web page, it may allow for the execution of arbitrary scripts in the user's browser.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Remediation

Users are advised to update to SD-330AC firmware version 1.50 or later and AMC Manager version 5.1.0 or later. After updating, it is recommended to set an administrator password for the web configuration interface.