CVE-2026-8979
Deferred Deferred - Pending Action
Authentication Bypass in Mennekes Amtron Series Firmware

Publication date: 2026-05-28

Last updated on: 2026-05-28

Assigner: CyberDanube

Description
The Mennekes Amtron series (firmware versions ≀ 5.22.3) is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-28
Last Modified
2026-05-28
Generated
2026-06-17
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-16
NVD
CVE-2026-8979
EUVD
EUVD-2026-32896
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mennekes amtron to 5.22.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-8979 is an authentication bypass vulnerability in the Mennekes Amtron series devices (firmware versions up to 5.22.3). An unauthenticated remote attacker can send a specially crafted POST request to the /operator/operator endpoint to change the password of a user account without needing to log in.

Impact Analysis

Exploiting this vulnerability can allow an attacker to gain unauthorized access to the affected Mennekes Amtron devices by changing user account passwords. This can lead to a full takeover of the device or loss of control over the charging infrastructure managed by these devices.

Detection Guidance

This vulnerability can be detected by monitoring for unauthorized or suspicious POST requests to the /operator/operator endpoint on Mennekes Amtron devices. Specifically, crafted POST requests attempting to change user account passwords without authentication indicate exploitation attempts.

Network administrators can use tools like curl or wget to simulate such POST requests for testing purposes, or use network monitoring tools to detect these requests in live traffic.

  • Example command to test the vulnerability (replace <device_ip> and payload accordingly):
  • curl -X POST http://<device_ip>/operator/operator -d '{"password":"newpassword"}'

Additionally, network intrusion detection systems (NIDS) can be configured to alert on POST requests to the /operator/operator endpoint from unauthenticated sources.

Mitigation Strategies

Since the vendor has not yet provided a fix for this vulnerability, the immediate recommended mitigation is to restrict access to the affected Mennekes Amtron devices.

  • Limit network access to the devices by implementing firewall rules or network segmentation to prevent unauthorized remote access.
  • Ensure that only trusted and authenticated users can reach the /operator/operator endpoint.
  • Monitor device logs and network traffic for suspicious POST requests attempting to change passwords.

These steps help reduce the risk of exploitation until an official patch or firmware update is released by Mennekes.

Compliance Impact

The vulnerability allows an unauthenticated attacker to change user account passwords and potentially take full control of the device, which could lead to unauthorized access and loss of control over the charging infrastructure.

Such unauthorized access and control could result in violations of security requirements mandated by common standards and regulations like GDPR and HIPAA, which require protection of systems against unauthorized access to ensure confidentiality, integrity, and availability of data and services.

However, the provided information does not explicitly mention the impact on compliance with these standards or any specific regulatory consequences.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8979. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart