CVE-2026-8980
Deferred Deferred - Pending Action
Privilege Escalation in Mennekes Amtron Series Firmware

Publication date: 2026-05-28

Last updated on: 2026-05-28

Assigner: CyberDanube

Description
The Mennekes Amtron series (firmware versions ≀ 5.22.3) is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin (operator) and manufacturer accounts via crafted POST requests.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-28
Last Modified
2026-05-28
Generated
2026-06-17
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-16
NVD
CVE-2026-8980
EUVD
EUVD-2026-32897
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mennekes amtron to 5.22.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The Mennekes Amtron series with firmware versions up to 5.22.3 has a vulnerability that allows privilege escalation. Specifically, an authenticated user with low privileges can exploit this flaw by sending specially crafted POST requests to change the passwords of higher-privileged accounts, such as the admin (operator) and manufacturer accounts.

Impact Analysis

This vulnerability can have a severe impact because it allows a low-privileged authenticated user to escalate their privileges by changing the passwords of critical accounts. This could lead to unauthorized administrative access, potentially allowing the attacker to control the device, alter configurations, or disrupt services.

Compliance Impact

The vulnerability allows an authenticated low-privileged user to escalate privileges by changing the passwords of admin and manufacturer accounts, potentially leading to unauthorized access and full device takeover.

Such unauthorized access and control over the device could lead to violations of security requirements mandated by common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive data.

Failure to mitigate this vulnerability may result in non-compliance with these regulations due to inadequate protection against privilege escalation and unauthorized administrative access.

Mitigation Strategies

To mitigate this vulnerability, it is recommended to restrict access to the Mennekes Amtron device to trusted users only.

Since the vendor has not yet provided a fix, limiting network exposure and controlling who can access the device is the immediate workaround.

Detection Guidance

The vulnerability involves an authenticated low-privileged user sending crafted POST requests to change admin and manufacturer account passwords. Detection can focus on monitoring for unusual POST requests targeting password change endpoints on Mennekes Amtron devices with firmware versions ≀ 5.22.3.

Since the vulnerability is exploited via HTTP POST requests, network monitoring tools or intrusion detection systems (IDS) can be configured to alert on suspicious POST requests to the device's management interface.

  • Use network packet capture tools like tcpdump or Wireshark to filter POST requests to the device IP on relevant ports (usually HTTP/HTTPS). Example command: tcpdump -i <interface> host <device_ip> and '(tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)'
  • Check web server logs on the device (if accessible) for POST requests that include password change parameters.
  • Use curl or similar tools to test the device by sending crafted POST requests to password change endpoints to verify if the vulnerability exists (only in a controlled and authorized environment).
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8980. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart