Audi
Products
5- 7 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs
10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-30118 | Hig | 0.49 | 7.5 | 0.00 | Mar 25, 2025 | An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by… | ||
| CVE-2020-27524 | Hig | 0.46 | 7.1 | 0.01 | Nov 11, 2020 | On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services. | ||
| CVE-2025-2557 | Med | 0.36 | 5.5 | 0.00 | Mar 20, 2025 | A vulnerability, which was classified as critical, has been found in Audi UTR Dashcam 2.0. Affected by this issue is some unknown functionality of the component Command API. The manipulation leads to improper access controls. The attack needs to be done within the local network.… | ||
| CVE-2025-2556 | Med | 0.28 | 4.3 | 0.00 | Mar 20, 2025 | A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local… | ||
| CVE-2025-2555 | Low | 0.19 | 2.9 | 0.00 | Mar 20, 2025 | A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an… | ||
| CVE-2025-45586 | 0.00 | — | 0.00 | Sep 12, 2025 | An issue in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to arbitrarily overwrite files via supplying a crafted PUT request. | |||
| CVE-2025-45584 | 0.00 | — | 0.00 | Sep 12, 2025 | Incorrect access control in the web service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to download car information without authentication. | |||
| CVE-2025-45583 | 0.00 | — | 0.00 | Sep 12, 2025 | Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password. | |||
| CVE-2025-45585 | 0.00 | — | 0.00 | Sep 12, 2025 | Multiple stored cross-site scripting (XSS) vulnerabilities in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the wifi_sta_ssid or wifi_ap_ssid parameters. | |||
| CVE-2025-45587 | 0.00 | — | 0.00 | Sep 12, 2025 | A stack overflow in the FTP service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. |
- risk 0.49cvss 7.5epss 0.00
An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by…
- risk 0.46cvss 7.1epss 0.01
On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services.
- risk 0.36cvss 5.5epss 0.00
A vulnerability, which was classified as critical, has been found in Audi UTR Dashcam 2.0. Affected by this issue is some unknown functionality of the component Command API. The manipulation leads to improper access controls. The attack needs to be done within the local network.…
- risk 0.28cvss 4.3epss 0.00
A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local…
- risk 0.19cvss 2.9epss 0.00
A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an…
- CVE-2025-45586Sep 12, 2025risk 0.00cvss —epss 0.00
An issue in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to arbitrarily overwrite files via supplying a crafted PUT request.
- CVE-2025-45584Sep 12, 2025risk 0.00cvss —epss 0.00
Incorrect access control in the web service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to download car information without authentication.
- CVE-2025-45583Sep 12, 2025risk 0.00cvss —epss 0.00
Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password.
- CVE-2025-45585Sep 12, 2025risk 0.00cvss —epss 0.00
Multiple stored cross-site scripting (XSS) vulnerabilities in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the wifi_sta_ssid or wifi_ap_ssid parameters.
- CVE-2025-45587Sep 12, 2025risk 0.00cvss —epss 0.00
A stack overflow in the FTP service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.