CVE-2026-8980— Privilege Escalation
Possible ATT&CK Techniques 1AI
T1078.001 · Default AccountsGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-8980
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Privilege Escalation
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin (operator) and manufacturer accounts via crafted POST requests.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
特权管理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
MENNEKES AMTRON 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MENNEKES AMTRON是MENNEKES公司的一系列电动汽车交流充电桩与壁挂式充电系统。 Mennekes Amtron 5.22.3及之前版本存在安全漏洞,该漏洞源于权限提升,可能导致经过身份验证的低权限用户通过精心构造的POST请求更改管理员和制造商账户密码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-8980
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-8980
请登录查看更多情报信息。
Security Blog Posts for CVE-2026-8980 (1)
IV. Related Vulnerabilities
Same product: Amtron
Same vendor: Mennekes
- CVE-2026-8979
Authentication Bypass - CVE-2025-22366
Mennekes smart/premium charges systems, Command injection in - CVE-2025-22369
Mennekes smart/premium charges systems, Arbitrary file downl - CVE-2025-22370
Mennekes smart/premium charges systems, SQL Injection in web - CVE-2025-22368
Mennekes smart/premium charges systems, Command injection in
Same weakness: CWE-269
- CVE-2026-7465
Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contrib - CVE-2026-47744
Shopper: Authorization bypass and RBAC privilege escalation - CVE-2026-45043
RustFS: ImportIam Allows Creation of Backdoor Service Accoun - CVE-2026-8809
Advanced Custom Fields: Extended <= 0.9.2.5 - Unauthenticate - CVE-2026-44543
Local Path Provisioner: HelperPod Template Injection
V. Comments for CVE-2026-8980
No comments yet