VYPR
Vendor

Audi

Products
5
CVEs
10
Across products
11
Status
Private

Products

5

Recent CVEs

10
  • CVE-2025-30118HigMar 25, 2025
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by…

  • CVE-2020-27524HigNov 11, 2020
    risk 0.46cvss 7.1epss 0.01

    On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services.

  • CVE-2025-2557MedMar 20, 2025
    risk 0.36cvss 5.5epss 0.00

    A vulnerability, which was classified as critical, has been found in Audi UTR Dashcam 2.0. Affected by this issue is some unknown functionality of the component Command API. The manipulation leads to improper access controls. The attack needs to be done within the local network.…

  • CVE-2025-2556MedMar 20, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local…

  • CVE-2025-2555LowMar 20, 2025
    risk 0.19cvss 2.9epss 0.00

    A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an…

  • CVE-2025-45586Sep 12, 2025
    risk 0.00cvss epss 0.00

    An issue in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to arbitrarily overwrite files via supplying a crafted PUT request.

  • CVE-2025-45584Sep 12, 2025
    risk 0.00cvss epss 0.00

    Incorrect access control in the web service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to download car information without authentication.

  • CVE-2025-45583Sep 12, 2025
    risk 0.00cvss epss 0.00

    Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password.

  • CVE-2025-45585Sep 12, 2025
    risk 0.00cvss epss 0.00

    Multiple stored cross-site scripting (XSS) vulnerabilities in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the wifi_sta_ssid or wifi_ap_ssid parameters.

  • CVE-2025-45587Sep 12, 2025
    risk 0.00cvss epss 0.00

    A stack overflow in the FTP service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.