VYPR

UTR 2.0 Universal Traffic Recorder

by Audi

CVEs (7)

  • CVE-2025-30118HigMar 25, 2025
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by…

  • CVE-2025-2555LowMar 20, 2025
    risk 0.19cvss 2.9epss 0.00

    A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an…

  • CVE-2025-45586Sep 12, 2025
    risk 0.00cvss epss 0.00

    An issue in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to arbitrarily overwrite files via supplying a crafted PUT request.

  • CVE-2025-45587Sep 12, 2025
    risk 0.00cvss epss 0.00

    A stack overflow in the FTP service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2025-45584Sep 12, 2025
    risk 0.00cvss epss 0.00

    Incorrect access control in the web service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to download car information without authentication.

  • CVE-2025-45585Sep 12, 2025
    risk 0.00cvss epss 0.00

    Multiple stored cross-site scripting (XSS) vulnerabilities in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the wifi_sta_ssid or wifi_ap_ssid parameters.

  • CVE-2025-45583Sep 12, 2025
    risk 0.00cvss epss 0.00

    Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password.