CVE-2026-8980 documents a critical privilege escalation vulnerability in Mennekes Amtron series charging stations running firmware versions ≤ 5.22.3. An authenticated attacker with low-privilege access can escalate to administrative or manufacturer-level control by sending crafted POST requests to change passwords for the admin (operator) and manufacturer accounts. The CVSS 4.0 vector indicates network at [truncated]
Mennekes Amtron series charging stations running firmware ≤ 5.22.3 contain a critical authentication bypass vulnerability. An unauthenticated remote attacker can change the password of any user account by sending a crafted POST request to the /operator/operator endpoint, effectively seizing administrative control of the device. The vulnerability was disclosed on 2026-05-28 and carries a CVSS 4.0 score of [truncated]
