Auth bypass in Mennekes Amtron
CVE-2026-8979
The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint.
Vulnerability class: Broken Authentication
EPSS: 0.001 (30.2th percentile) — read the EPSS interpretation.
Affected products
- Mennekes Amtron — versions 0