Audi Universal Traffic Recorder App Hard-Coded Password Vulnerability in FTP Credentials Component

Vulnerability

A vulnerability involving hard-coded FTP credentials has been identified in the Audi Universal Traffic Recorder App version 2.0. It affects an unknown function of the FTP Credentials component, where a password is embedded in the app and used for authentication or communication with external components. The issue is classified as CWE-259 (Use of Hard-coded Password) and poses a confidentiality risk. Exploitation requires local access and is considered complex, although a public proof-of-concept exploit is available.

Impact

The hard-coded password can be exploited to bypass authentication or manipulate FTP communications, potentially leading to unauthorized access or data interception.

Remediation

Users are advised to upgrade to Audi Universal Traffic Recorder App version 2.89 or 2.90. Version 2.89 addresses the issue for new customers, while version 2.90 will fix it for existing customers.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.