CVE-2025-45583

Published: Sep 12, 2025Modified: Oct 16, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password.

Affected (1)

Products: Audi: Universal Traffic Recorder Firmware

Audi

1 product

Universal Traffic Recorder Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Audi Universal Traffic Recorder Firmware	Version 1.52

Running on/with	Platform Versions
Audi Universal Traffic Recorder	Version 2.0

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (1)

https://2barbie.notion.site/2024-Audi-UTR-2-0-Report-1bff0be688c680cb8795efe78732f8b9

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.