Primary

Context

Mennekes Amtron Series Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in the Mennekes Amtron series, specifically in firmware versions through 5.22.3. This vulnerability allows an unauthenticated remote attacker to change the password of a user account by sending a crafted POST request to the /operator/operator endpoint.

Impact

Exploitation of this vulnerability allows for unauthorized password changes, potentially leading to unauthorized access or control over user accounts.

Reproduction

To reproduce this vulnerability, send a POST request to the /operator/operator endpoint without authentication. Include a payload in the request body that specifies the new password. The request must be formatted to mimic a standard web browser request, including appropriate headers such as 'User-Agent' and 'Accept'.

Added: May 28, 2026, 5:30 PM

Updated: May 28, 2026, 5:30 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

8.7

remediation

0.0

relevance

9.2

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

8.7

remediation

0.0

relevance

9.2

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mennekes Amtron Series Authentication Bypass Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

Mennekes Amtron Professional

Mennekes Amtron Professional Eichrecht

Mennekes Amedio Professional

Mennekes Amtron Charge Control

Mennekes Amtron Professional Twincharge

Mennekes Smart-T PnC

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating