CVE-2026-8979
Authentication Bypass in Mennekes Amtron Series Firmware
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: CyberDanube
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mennekes | amtron | to 5.22.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized or suspicious POST requests to the /operator/operator endpoint on Mennekes Amtron devices. Specifically, crafted POST requests attempting to change user account passwords without authentication indicate exploitation attempts.
Network administrators can use tools like curl or wget to simulate such POST requests for testing purposes, or use network monitoring tools to detect these requests in live traffic.
- Example command to test the vulnerability (replace <device_ip> and payload accordingly):
- curl -X POST http://<device_ip>/operator/operator -d '{"password":"newpassword"}'
Additionally, network intrusion detection systems (NIDS) can be configured to alert on POST requests to the /operator/operator endpoint from unauthenticated sources.
Can you explain this vulnerability to me?
CVE-2026-8979 is an authentication bypass vulnerability in the Mennekes Amtron series devices (firmware versions up to 5.22.3). An unauthenticated remote attacker can send a specially crafted POST request to the /operator/operator endpoint to change the password of a user account without needing to log in.
How can this vulnerability impact me? :
Exploiting this vulnerability can allow an attacker to gain unauthorized access to the affected Mennekes Amtron devices by changing user account passwords. This can lead to a full takeover of the device or loss of control over the charging infrastructure managed by these devices.
What immediate steps should I take to mitigate this vulnerability?
Since the vendor has not yet provided a fix for this vulnerability, the immediate recommended mitigation is to restrict access to the affected Mennekes Amtron devices.
- Limit network access to the devices by implementing firewall rules or network segmentation to prevent unauthorized remote access.
- Ensure that only trusted and authenticated users can reach the /operator/operator endpoint.
- Monitor device logs and network traffic for suspicious POST requests attempting to change passwords.
These steps help reduce the risk of exploitation until an official patch or firmware update is released by Mennekes.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an unauthenticated attacker to change user account passwords and potentially take full control of the device, which could lead to unauthorized access and loss of control over the charging infrastructure.
Such unauthorized access and control could result in violations of security requirements mandated by common standards and regulations like GDPR and HIPAA, which require protection of systems against unauthorized access to ensure confidentiality, integrity, and availability of data and services.
However, the provided information does not explicitly mention the impact on compliance with these standards or any specific regulatory consequences.