CVE-2026-8980
Privilege Escalation in Mennekes Amtron Series Firmware
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: CyberDanube
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mennekes | amtron | to 5.22.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability involves an authenticated low-privileged user sending crafted POST requests to change admin and manufacturer account passwords. Detection can focus on monitoring for unusual POST requests targeting password change endpoints on Mennekes Amtron devices with firmware versions β€ 5.22.3.
Since the vulnerability is exploited via HTTP POST requests, network monitoring tools or intrusion detection systems (IDS) can be configured to alert on suspicious POST requests to the device's management interface.
- Use network packet capture tools like tcpdump or Wireshark to filter POST requests to the device IP on relevant ports (usually HTTP/HTTPS). Example command: tcpdump -i <interface> host <device_ip> and '(tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)'
- Check web server logs on the device (if accessible) for POST requests that include password change parameters.
- Use curl or similar tools to test the device by sending crafted POST requests to password change endpoints to verify if the vulnerability exists (only in a controlled and authorized environment).
Can you explain this vulnerability to me?
The Mennekes Amtron series with firmware versions up to 5.22.3 has a vulnerability that allows privilege escalation. Specifically, an authenticated user with low privileges can exploit this flaw by sending specially crafted POST requests to change the passwords of higher-privileged accounts, such as the admin (operator) and manufacturer accounts.
How can this vulnerability impact me? :
This vulnerability can have a severe impact because it allows a low-privileged authenticated user to escalate their privileges by changing the passwords of critical accounts. This could lead to unauthorized administrative access, potentially allowing the attacker to control the device, alter configurations, or disrupt services.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an authenticated low-privileged user to escalate privileges by changing the passwords of admin and manufacturer accounts, potentially leading to unauthorized access and full device takeover.
Such unauthorized access and control over the device could lead to violations of security requirements mandated by common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive data.
Failure to mitigate this vulnerability may result in non-compliance with these regulations due to inadequate protection against privilege escalation and unauthorized administrative access.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, it is recommended to restrict access to the Mennekes Amtron device to trusted users only.
Since the vendor has not yet provided a fix, limiting network exposure and controlling who can access the device is the immediate workaround.