UTR 2.0 Universal Traffic Recorder
by Audi
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-30118 | Hig | 0.49 | 7.5 | 0.00 | Mar 25, 2025 | An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by… | ||
| CVE-2025-2555 | Low | 0.19 | 2.9 | 0.00 | Mar 20, 2025 | A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an… | ||
| CVE-2025-45586 | 0.00 | — | 0.00 | Sep 12, 2025 | An issue in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to arbitrarily overwrite files via supplying a crafted PUT request. | |||
| CVE-2025-45587 | 0.00 | — | 0.00 | Sep 12, 2025 | A stack overflow in the FTP service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2025-45584 | 0.00 | — | 0.00 | Sep 12, 2025 | Incorrect access control in the web service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to download car information without authentication. | |||
| CVE-2025-45585 | 0.00 | — | 0.00 | Sep 12, 2025 | Multiple stored cross-site scripting (XSS) vulnerabilities in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the wifi_sta_ssid or wifi_ap_ssid parameters. | |||
| CVE-2025-45583 | 0.00 | — | 0.00 | Sep 12, 2025 | Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password. |
- risk 0.49cvss 7.5epss 0.00
An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by…
- risk 0.19cvss 2.9epss 0.00
A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an…
- CVE-2025-45586Sep 12, 2025risk 0.00cvss —epss 0.00
An issue in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to arbitrarily overwrite files via supplying a crafted PUT request.
- CVE-2025-45587Sep 12, 2025risk 0.00cvss —epss 0.00
A stack overflow in the FTP service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2025-45584Sep 12, 2025risk 0.00cvss —epss 0.00
Incorrect access control in the web service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to download car information without authentication.
- CVE-2025-45585Sep 12, 2025risk 0.00cvss —epss 0.00
Multiple stored cross-site scripting (XSS) vulnerabilities in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the wifi_sta_ssid or wifi_ap_ssid parameters.
- CVE-2025-45583Sep 12, 2025risk 0.00cvss —epss 0.00
Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password.