Which versions of Mennekes Amtron are affected by EUVD-2026-32897?

Mennekes Amtron EV charging stations (firmware ≤5.22.3) contain a critical privilege escalation vulnerability enabling any authenticated user to seize full administrative control over charger…

Mennekes Amtron EUVD-2026-32897

Q: What is the CVSS score of EUVD-2026-32897?

EUVD-2026-32897 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

| CVE-2026-8980 CRITICAL

Improper Privilege Management (CWE-269)

2026-05-28 office@cyberdanube.com

GHSA-x43w-f99f-mhc7

Privilege Escalation

9.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

May 28, 2026 - 14:30 vuln.today

DescriptionNVD

The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin (operator) and manufacturer accounts via crafted POST requests.

AnalysisAI

Privilege escalation in Mennekes Amtron EV charging stations (firmware ≤ 5.22.3) allows a low-privileged authenticated user to overwrite credentials for the admin (operator) and manufacturer accounts through crafted POST requests, effectively granting full takeover of the charger's management interface. Publicly available exploit code exists per the CyberDanube research advisory, and the CVSS 4.0 base score of 9.3 reflects high impact across confidentiality, integrity, and availability with cascading effects on subsequent systems. …

RemediationAI

Within 24 hours: inventory all Mennekes Amtron devices and firmware versions; immediately restrict network access from untrusted segments; disable remote management if operationally feasible. Within 7 days: contact Mennekes for patch timeline and workarounds; implement network segmentation isolating chargers from corporate and customer networks; restrict management interface access to authorized administrators only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-32897 vulnerability details – vuln.today

Back

Mennekes Amtron EUVD-2026-32897

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Mennekes Amtron EUVD-2026-32897

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code