The Mennekes Amtron series (firmware versions ≤ 5.22.3) contains a CWE-269 improper privilege management vulnerability (CVE-2026-8980) that enables an authenticated low-privileged user to escalate privileges by changing passwords of admin and manufacturer accounts through crafted POST requests. This vulnerability has a CVSS 4.0 base score of 9.3, indicating critical severity with network attack vector and no required user interaction. The vulnerability is published and assigned by CyberDanube, but no remediation level or patch information is currently available. The product is not a cloud service, so remediation depends on vendor firmware updates.

Successful exploitation allows an authenticated low-privileged user to gain administrative control by changing passwords of high-privilege accounts, potentially leading to full device compromise. This can undermine device security and operational integrity. No known exploits in the wild have been reported, but the high CVSS score reflects the critical nature of the vulnerability.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch or official fix is released by Mennekes, restrict access to authenticated user accounts and monitor for suspicious activity. Avoid granting unnecessary privileges to low-level users. Follow vendor communications closely for firmware updates addressing this issue.