Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin (operator) and manufacturer accounts via crafted POST requests.
AnalysisAI
Privilege escalation in Mennekes Amtron EV charging stations (firmware ≤ 5.22.3) allows a low-privileged authenticated user to overwrite credentials for the admin (operator) and manufacturer accounts through crafted POST requests, effectively granting full takeover of the charger's management interface. Publicly available exploit code exists per the CyberDanube research advisory, and the CVSS 4.0 base score of 9.3 reflects high impact across confidentiality, integrity, and availability with cascading effects on subsequent systems. Not currently listed in CISA KEV.
Technical ContextAI
The Mennekes Amtron series is a family of networked AC wallbox EV chargers that expose a web-based management interface for operators (administrators) and the manufacturer. The flaw is classified as CWE-269 (Improper Privilege Management), meaning the password-change endpoint fails to enforce that the requester possesses sufficient privilege over the target account; instead, any authenticated session can submit a POST request that rewrites the admin or manufacturer password. This is a classic horizontal/vertical privilege boundary failure in the authorization layer rather than an authentication bypass - the application authenticates the caller but does not verify the caller's role against the privilege level of the account being modified.
RemediationAI
No vendor-released patch identified at time of analysis; the only public reference is the CyberDanube research write-up at https://cyberdanube.com/security-research/multiple-vulnerabilities-in-mennekes-amtron-series/, which operators should monitor alongside Mennekes' own advisories for a firmware build above 5.22.3. Until a fix is published, compensating controls include removing the charger's management interface from any internet-routable network and placing it behind a VPN or jump host, restricting issuance of low-privileged web accounts to a minimum trusted set and rotating their credentials, and monitoring HTTP POST traffic to password-change endpoints for anomalous source accounts (trade-off: network restrictions may complicate remote operator workflows and OCPP-related troubleshooting). Disabling or removing the low-privileged role entirely is the strongest mitigation but will break any operational workflow that depends on it.
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32897
GHSA-x43w-f99f-mhc7