PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-8979 Mennekes CVE debrief

Mennekes Amtron series charging stations running firmware ≤ 5.22.3 contain a critical authentication bypass vulnerability. An unauthenticated remote attacker can change the password of any user account by sending a crafted POST request to the /operator/operator endpoint, effectively seizing administrative control of the device. The vulnerability was disclosed on 2026-05-28 and carries a CVSS 4.0 score of 9.3 (Critical). The weakness is classified as CWE-287 (Improper Authentication). No known exploitation in ransomware campaigns has been reported, and the vulnerability has not been added to CISA's Known Exploited Vulnerabilities catalog.

Vendor
Mennekes
Product
Amtron
CVSS
CRITICAL 9.3
CISA KEV
Not listed (per the stored evidence)
Original CVE published
2026-05-28
Original CVE updated
2026-05-28
Advisory published
2026-05-28
Advisory updated
2026-05-28

Who should care

Owners and operators of Mennekes Amtron electric vehicle charging infrastructure, including commercial fleet operators, parking facility managers, and critical infrastructure providers with publicly accessible EV charging deployments.

Technical summary

The /operator/operator endpoint in Mennekes Amtron firmware ≤ 5.22.3 fails to enforce authentication before processing password change requests. An attacker can submit a crafted POST request to this endpoint without valid credentials, resulting in arbitrary user account password modification. This grants the attacker administrative access to the charging station's management interface, enabling further configuration changes, service disruption, or potential pivoting into connected infrastructure. The vulnerability is remotely exploitable with low attack complexity and no user interaction required.
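The following is an added illustration for this debrief, not Mennekes firmware code and not derived from the advisory beyond the endpoint path and the CWE-287 classification. It shows the shape of the flaw described above (a password-change handler that processes the request before checking who sent it) beside a hardened handler that authenticates, re-authenticates, authorises, and invalidates sessions. The form field names (user, password, current_password), the session cookie name, and the constructed accounts are assumptions.

```python
"""Illustrative password-change handler: the vulnerable shape the advisory
describes (CWE-287) beside a hardened form. Hypothetical code written for this
debrief; it is not Mennekes firmware. Field names (user, password,
current_password) and the session cookie name are assumptions."""
import hashlib
import hmac
import os
import secrets

ENDPOINT = "/operator/operator"  # path named in the advisory


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _pw_hash(password, salt), "role": role}


def new_user_store() -> dict:
    # Constructed accounts for the example; not real device defaults.
    return {"admin": make_user("correct horse", "admin"),
            "operator": make_user("battery staple", "operator")}


def verify(users: dict, username: str, password: str) -> bool:
    u = users.get(username)
    return u is not None and hmac.compare_digest(_pw_hash(password, u["salt"]), u["hash"])


def login(users: dict, sessions: dict, username: str, password: str):
    """Returns a session token on success, else None."""
    if not verify(users, username, password):
        return None
    token = secrets.token_urlsafe(32)
    sessions[token] = username
    return token


def vulnerable_change_password(request: dict, users: dict):
    """Changes any account's password with no authentication check at all."""
    if request["method"] != "POST" or request["path"] != ENDPOINT:
        return 404, "not found"
    target = request["form"].get("user")
    new_pw = request["form"].get("password")
    if target not in users or not new_pw:
        return 400, "bad request"
    users[target] = make_user(new_pw, users[target]["role"])
    return 200, "password changed"


def hardened_change_password(request: dict, users: dict, sessions: dict):
    """Same operation with authentication, re-authentication and authorisation."""
    if request["method"] != "POST" or request["path"] != ENDPOINT:
        return 404, "not found"
    # 1. Authentication: a valid session must exist before the form is read.
    actor = sessions.get(request["cookies"].get("session", ""))
    if actor is None:
        return 401, "authentication required"
    target = request["form"].get("user")
    new_pw = request["form"].get("password")
    current = request["form"].get("current_password", "")
    if target not in users or not new_pw:
        return 400, "bad request"
    # 2. Re-authentication: the caller proves knowledge of their own password.
    if not verify(users, actor, current):
        return 401, "current password incorrect"
    # 3. Authorisation: only admins may change another account's password.
    if target != actor and users[actor]["role"] != "admin":
        return 403, "forbidden"
    users[target] = make_user(new_pw, users[target]["role"])
    # 4. Invalidate every existing session of the changed account.
    for tok in [t for t, u in sessions.items() if u == target]:
        del sessions[tok]
    return 200, "password changed"


if __name__ == "__main__":
    users = new_user_store()
    attack = {"method": "POST", "path": ENDPOINT, "cookies": {},
              "form": {"user": "admin", "password": "attacker-chosen"}}
    print("vulnerable:", vulnerable_change_password(attack, users))
    print("hardened:  ", hardened_change_password(attack, users, {}))
```

The vulnerable handler accepts the unauthenticated request and overwrites the admin password, which is the behaviour the advisory describes; the hardened handler rejects the same request with 401 before it reads the form. Invalidating the changed account's sessions matters for incident response as well: it ensures a password reset after compromise actually evicts an attacker who already holds a session.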

Defensive priority

Critical

Recommended defensive actions

  • Immediately isolate affected Mennekes Amtron charging stations from untrusted networks or internet exposure until firmware can be updated.
  • Obtain from Mennekes a firmware release that addresses the issue (later than 5.22.3) and apply it as soon as it is available.
  • Audit all user accounts on affected devices for unauthorized password changes or configuration modifications.
  • Implement network segmentation to restrict access to charging station management interfaces to authorized administrative hosts only.
  • Monitor logs (device logs, or a reverse proxy or network capture in front of the management interface) for POST requests to /operator/operator from source addresses outside the administrative allow-list; a 200 response to such a request from an unexpected source should be treated as a probable password takeover.
  • Review and rotate all credentials on affected devices once patched firmware is deployed.
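A detection sketch for the segmentation and log-monitoring items above, added here for this debrief and not taken from the advisory or from Mennekes. It assumes the requests are recorded in Apache/nginx combined log format by a reverse proxy or tap in front of the station (the Amtron's native log format is not described in the advisory), and it assumes a management subnet of 10.20.30.0/24; both the sample log lines and that subnet are constructed for the example.

```python
"""Flag POST requests to /operator/operator from addresses outside the admin
allow-list. Added example; log format (combined/CLF) and ADMIN_NETS are
assumptions, and SAMPLE_LOG is constructed, not captured from a device."""
import ipaddress
import re
from datetime import datetime

ENDPOINT = "/operator/operator"
# Assumed administrative management subnet; set to the segmented admin VLAN.
ADMIN_NETS = [ipaddress.ip_network("10.20.30.0/24")]

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines for the example (not real device logs).
SAMPLE_LOG = """\
10.20.30.5 - - [28/May/2026:09:12:01 +0000] "GET /operator/operator HTTP/1.1" 200 1843
10.20.30.5 - - [28/May/2026:09:12:44 +0000] "POST /operator/operator HTTP/1.1" 200 312
198.51.100.77 - - [28/May/2026:09:15:09 +0000] "POST /operator/operator HTTP/1.1" 200 312
198.51.100.77 - - [28/May/2026:09:15:10 +0000] "POST /operator/operator?x=1 HTTP/1.1" 200 312
203.0.113.9 - - [28/May/2026:09:20:00 +0000] "POST /login HTTP/1.1" 401 0
garbage line that does not parse
"""


def parse_line(line: str):
    """Parses one combined-format line; returns None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["path"] = e["path"].split("?", 1)[0]   # compare the path without its query string
    e["status"] = int(e["status"])
    e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return e


def is_admin_source(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False                       # unparseable source is never trusted
    return any(ip in net for net in ADMIN_NETS)


def find_suspicious(log_text: str) -> list:
    """Events for POSTs to ENDPOINT whose source is outside ADMIN_NETS."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if e["method"] == "POST" and e["path"] == ENDPOINT and not is_admin_source(e["src"]):
            hits.append(e)
    return hits


def summarize(hits: list) -> dict:
    """Per-source counts, with how many of those requests were accepted (2xx)."""
    out = {}
    for e in hits:
        s = out.setdefault(e["src"], {"requests": 0, "accepted": 0})
        s["requests"] += 1
        if 200 <= e["status"] < 300:
            s["accepted"] += 1
    return out


if __name__ == "__main__":
    for src, s in summarize(find_suspicious(SAMPLE_LOG)).items():
        print(f"{src}: {s['requests']} POST(s) to {ENDPOINT}, {s['accepted']} accepted")
```

An accepted (2xx) POST from outside the allow-list is the strongest signal and should trigger the account audit and credential rotation listed above; a rejected one still indicates the interface is reachable from where it should not be, which is the segmentation finding.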

Evidence notes

Vulnerability disclosed via Cyberdanube security research. NVD entry lists status as 'Deferred'. CVSS 4.0 vector confirms network attack vector with no privileges required.

Official resources

2026-05-28