Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint.
AnalysisAI
Unauthenticated password reset in Mennekes Amtron EV charging stations running firmware 5.22.3 and earlier allows remote attackers to seize the operator account by sending a crafted POST to /operator/operator. CVSS 4.0 of 9.3 with PR:N/UI:N and CWE-287 reflects a complete authentication bypass, and the CVSS exploit maturity flag (E:P) plus the cyberdanube research disclosure indicate publicly available exploit code exists, though the vulnerability is not currently listed in CISA KEV.
Technical ContextAI
Mennekes Amtron is a family of AC wallbox EV chargers that expose a web-based operator interface for configuration, OCPP backend setup, and load management. The flaw is rooted in CWE-287 (Improper Authentication): the /operator/operator endpoint accepts password-change requests without first validating the requester's session or credentials, so the server-side authorization check that should gate operator-account modification is either missing or improperly enforced. Because the operator account is the highest-privilege local identity on the charger's management interface, owning it grants full administrative control over charging policies, network/OCPP configuration, and firmware management on the affected device.
RemediationAI
No vendor-released patch identified at time of analysis - operators should contact Mennekes support directly to obtain a firmware build newer than 5.22.3 and monitor https://cyberdanube.com/security-research/multiple-vulnerabilities-in-mennekes-amtron-series/ for coordinated disclosure updates. Until a fixed firmware is installed, isolate the charger's management interface from the internet and from general user VLANs by placing it on a dedicated OT/management network reachable only from administrative jump hosts; this prevents reach to /operator/operator from untrusted sources but will break any remote-management workflows that depended on direct exposure. Block inbound HTTP/HTTPS to the charger at the perimeter firewall and disable any UPnP or port-forwarding rules that publish the management UI; if the device supports it, enable client-certificate or VPN-only access to the operator interface, accepting the operational overhead of certificate distribution. Rotate the operator password after upgrading, since a pre-patch compromise may have already silently reset it.
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32896
GHSA-m7v3-p7g2-xh6x