Audi UTR 2.0 response disclosure report

01. Report History

02. Target information

• Component : UTR 2.0 (Universal Traffic Recorder 2.0)
• Part number : 4K0.063.511.A
• Software version : V1.52

03. Vulnerbility

Vuln 1. Web Service Vulnerbility: Unauthenticated PUT Method Allows Arbitrary File Creation and Overwrite

• CVE : CVE-2025-45586

• The Audi dashcam UTR 2.0 can be controlled via Wi-Fi.

• There is a default password for the Wi-Fi, which is "1234567890".

• A port scan reveals that a total of 9 ports are open. These include ports commonly associated with well-known protocols such as FTP, WEB, and RTFP, along with several other ports that are also open.

• A vulnerability exists where the PUT method allows overwriting of existing files and creation of new files.

• UTR 2.0 - Control Proof of Concept (PoC)

  curl -v -i -X PUT <http://192.168.1.1/sd/DRIVING/20240918_003226D.mp4> -d "A"
  curl -v -i -X PUT <http://192.168.1.1/sd/DRIVING/Hacked> -d "A"
  curl -v -i -X PUT <http://192.168.1.1/sd/Hacked> -d "A"
  

  

Vuln 2. FTP Service Vulnerability: FTP Server Accepts Any Credentials – Authentication Bypass Vulnerability

• CVE : CVE-2025-45583

• The FTP server allows any username/password combination to successfully authenticate. This suggests either an authentication bypass or a fundamentally flawed authentication implementation, where user credentials are not validated at all.

  • Examples Tested:
    • root/root
    • guest/guest
    • …

  

Vuln 3. Web Service Vulnerability: Unauthenticated Access Allows Full Control