Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Viessmann Vitogate 300 Authentication Bypass
Vulnerability Description
The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attacker can reveal the hidden administration menu, giving them full control over the device.
CVSS Information
N/A
Vulnerability Type
服务端安全的客户端实施
Vulnerability Title
Viessmann Vitogate 300 安全漏洞
Vulnerability Description
Viessmann Vitogate 300是德国Viessmann公司的一款通信网关。 Viessmann Vitogate 300存在安全漏洞,该漏洞源于未实施正确的服务器端身份验证且依赖前端身份验证控制,可能导致攻击者通过修改浏览器开发者工具中的HTML元素绕过登录限制并获取设备完全控制权。
CVSS Information
N/A
Vulnerability Type
N/A