CVE-2025-45583
CRITICAL WAF: Low
CVSS 9.1
Published: 2025-09-12
CWE-287
Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password.
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| audi | universal_traffic_recorder_firmware | 1.52 |
References
- 2barbie.notion.site (Exploit, Third Party Advisory)