Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Audi Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-45583 1 Audi 2 Universal Traffic Recorder, Universal Traffic Recorder Firmware 2025-10-16 N/A 9.1 CRITICAL
Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password.
CVE-2025-45584 1 Audi 2 Universal Traffic Recorder, Universal Traffic Recorder Firmware 2025-10-16 N/A 7.5 HIGH
Incorrect access control in the web service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to download car information without authentication.
CVE-2025-45585 1 Audi 2 Universal Traffic Recorder, Universal Traffic Recorder Firmware 2025-10-16 N/A 5.4 MEDIUM
Multiple stored cross-site scripting (XSS) vulnerabilities in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the wifi_sta_ssid or wifi_ap_ssid parameters.
CVE-2025-45586 1 Audi 2 Universal Traffic Recorder, Universal Traffic Recorder Firmware 2025-10-16 N/A 7.5 HIGH
An issue in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to arbitrarily overwrite files via supplying a crafted PUT request.
CVE-2025-45587 1 Audi 2 Universal Traffic Recorder, Universal Traffic Recorder Firmware 2025-10-16 N/A 7.0 HIGH
A stack overflow in the FTP service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2020-27524 1 Audi 2 A7, Mmi Multiplayer 2024-11-21 4.8 MEDIUM 7.1 HIGH
On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services.