CVE Catalog

CVE-2026-8979

Critical
Published: Translated: NVD NIST

Summary

The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint.

Risk Assessment

This vulnerability allows an attacker to take control of a user account, potentially leading to unauthorized access to the system. This could result in serious security implications for the organization.

Recommendation

It is recommended to update the firmware to the latest version to mitigate this vulnerability. Additionally, implementing further security measures such as log monitoring and restricting access to the administrative interface is advisable.

Original NVD description (English source)

The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS