Mennekes
Products
2- 5 CVEs
- 2 CVEs
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8980 | Cri | 0.60 | — | — | May 28, 2026 | The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin (operator) and manufacturer accounts via crafted POST requests. | ||
| CVE-2026-8979 | Cri | 0.60 | — | — | May 28, 2026 | The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint. | ||
| CVE-2025-22368 | Hig | 0.57 | — | 0.00 | Mar 11, 2025 | The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS. | ||
| CVE-2025-22367 | Hig | 0.57 | — | 0.00 | Mar 11, 2025 | The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS. | ||
| CVE-2025-22366 | Hig | 0.57 | — | 0.00 | Mar 11, 2025 | The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS. | ||
| CVE-2025-22369 | Hig | 0.46 | — | 0.00 | Mar 11, 2025 | The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS. | ||
| CVE-2025-22370 | Med | 0.34 | — | 0.00 | Mar 11, 2025 | Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized. |
- risk 0.60cvss —epss —
The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin (operator) and manufacturer accounts via crafted POST requests.
- risk 0.60cvss —epss —
The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint.
- risk 0.57cvss —epss 0.00
The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.
- risk 0.57cvss —epss 0.00
The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.
- risk 0.57cvss —epss 0.00
The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.
- risk 0.46cvss —epss 0.00
The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS.
- risk 0.34cvss —epss 0.00
Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized.