{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32959", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-03-17T00:23:24.980Z", "datePublished": "2026-04-20T03:18:56.184Z", "dateUpdated": "2026-04-20T03:18:56.184Z"}, "containers": {"cna": {"affected": [{"vendor": "silex technology, Inc.", "product": "SD-330AC", "versions": [{"version": "Ver.1.42 and earlier", "status": "affected"}]}, {"vendor": "silex technology, Inc.", "product": "AMC Manager", "versions": [{"version": "Ver.5.0.2 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack."}], "problemTypes": [{"descriptions": [{"description": "Use of a broken or risky cryptographic algorithm", "lang": "en-US", "cweId": "CWE-327", "type": "CWE"}]}], "references": [{"url": "https://www.silex.jp/support/security-advisories/en/2026-001"}, {"url": "https://www.silex.jp/support/security-advisories/2026-001"}, {"url": "https://jvn.jp/en/vu/JVNVU94271449/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-04-20T03:18:56.184Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack."}], "id": "CVE-2026-32959", "lastModified": "2026-04-20T04:16:43.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-04-20T04:16:43.790", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/vu/JVNVU94271449/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.silex.jp/support/security-advisories/2026-001"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.silex.jp/support/security-advisories/en/2026-001"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T05:51:29.005814+00:00", "value": {"mitigation_remediation": ["Obtain and apply the vendor\u2011supplied firmware or software patch for AMC Manager and SD\u2011330AC", "Configure the devices to use a modern, secure cipher suite or enable TLS 1.2 or higher if supported", "Deploy a VPN or network segmentation to isolate device traffic from potential MITM attackers", "Monitor communication for signs of traffic tampering or anomalous cipher usage"], "summary": {"action": "Apply Patch", "impact": "Confidentiality loss via man\u2011in\u2011the\u2011middle due to weak encryption"}, "threat_synthesis": {"affected_systems": "Devices from Silex Technology, Inc. that run AMC Manager or SD\u2011330AC are affected. No specific firmware or software release numbers are disclosed in the advisory, so the scope of the vulnerability remains unknown until further product\u2011specific information is provided.", "description_and_impact": "SD\u2011330AC and AMC Manager supplied by Silex Technology contain an implementation that uses a broken or risky cryptographic algorithm. The weakness allows traffic to be read by an attacker performing a man\u2011in\u2011the\u2011middle (MITM) attack, which can reveal sensitive information transmitted by the device. This flaw is a type of cryptographic weakness (CWE\u2011327).", "risk_and_exploitability": "With a CVSS score of 8.2, the vulnerability is considered high severity. The EPSS score is not available and the issue is not listed in CISA\u2019s KEV catalog. The attack vector is inferred from the description and is a network\u2011based MITM scenario; an attacker who can intercept or alter traffic between the device and its management station would be able to recover the compromised data. Because no preventative controls are mentioned, the risk is significant for environments that rely on the weak algorithm for secure communication."}}}}, "created": "2026-04-20T06:00:08.100154+00:00", "title": "Weak Cryptographic Algorithm Enables Man\u2011in\u2011the\u2011Middle Data Retrieval", "updated": "2026-04-20T06:00:08.100166+00:00", "vendors": []}