Carrier Vitogate 300 Web Interface Authentication Bypass Vulnerability
Vulnerability
An authentication bypass vulnerability has been identified in the Carrier Vitogate 300 web interface. The issue arises because the interface does not properly enforce server-side authentication, instead relying on frontend authentication controls. This flaw allows attackers to manipulate HTML elements using the browser's developer tools to bypass login restrictions. By removing certain UI elements, an attacker can access the hidden administration menu and gain full control over the device.
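The difference between frontend-only and server-enforced access control, shown as an added example that is not Carrier's code or part of the original advisory. The `/admin` route, the markup and all function names are constructed for illustration.

```python
import secrets

# Constructed route and markup; not taken from the device firmware.
ADMIN_PATH = "/admin"
LOGIN_FORM = '<form id="login">...</form>'
ADMIN_MENU = '<nav id="admin-menu">...</nav>'

SESSIONS = set()  # server-side record of tokens issued after a successful login


def issue_session():
    """Call only after the server itself has verified the credentials."""
    token = secrets.token_urlsafe(32)
    SESSIONS.add(token)
    return token


def handle_frontend_only(path, cookies):
    """Weak pattern: the admin markup is always sent and a login overlay
    merely covers it, so the browser is the only thing enforcing access."""
    if path == ADMIN_PATH:
        return 200, '<div id="login-overlay">' + LOGIN_FORM + "</div>" + ADMIN_MENU
    return 404, ""


def handle_server_enforced(path, cookies):
    """Corrected pattern: the server checks the session on every request and
    never sends admin content to a client without a valid session."""
    if path == ADMIN_PATH:
        if cookies.get("session") not in SESSIONS:
            return 401, LOGIN_FORM
        return 200, ADMIN_MENU
    return 404, ""


def leaks_admin_without_session(handler):
    """Review check: does a request with no session receive admin markup?"""
    _status, body = handler(ADMIN_PATH, {})
    return ADMIN_MENU in body


if __name__ == "__main__":
    print("frontend-only leaks admin menu:", leaks_admin_without_session(handle_frontend_only))
    print("server-enforced leaks admin menu:", leaks_admin_without_session(handle_server_enforced))
```

The same per-request session check has to guard every endpoint that reads or changes device settings, not only the page that renders the menu.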
Impact
Exploitation of this vulnerability allows unauthorized access to the administration menu, granting full control over the affected device.
