Silex Technology SD-330AC and AMC Manager CRLF Injection Vulnerability

A CRLF injection vulnerability has been identified in Silex Technology's SD-330AC and AMC Manager products. This vulnerability allows for improper neutralization of CRLF sequences, which can be exploited by processing crafted configuration data that leads to arbitrary entries being injected into the system configuration. Affected versions include SD-330AC through 1.42 and AMC Manager through 5.0.2.

Impact

Exploitation of this vulnerability allows for unauthorized injection of entries into the system configuration, potentially leading to misconfigurations or other adverse effects on the device's operation.

Remediation

Users are advised to update to SD-330AC firmware version 1.50 or later and AMC Manager version 5.1.0 or later. After updating, an administrator password must be set for the SD-330AC, as the device can be operated without one by default. For AMC Manager, version 5.1.0 or later is required.