2Barbie

Name of the Vulnerable Software and Affected Versions: Audi UTR 2.0 Universal Traffic Recorder 2.0 (affected versions not specified) Description: An incorrect access control issue exists in the FTP protocol. This allows attackers to authenticate to the service using any combination of `username` and `password`. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Audi UTR 2.0 Universal Traffic Recorder 2.0 (affected versions not specified) Description: The web service contains an incorrect access control configuration, allowing attackers to download car information without authentication. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Audi UTR 2.0 Universal Traffic Recorder version 2.0 Description: The software contains multiple stored cross-site scripting (XSS) vulnerabilities. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the `wifi sta ssid` or `wifi ap ssid` parameters. Recommendations: As a mitigation, sanitize the input received from the `wifi sta ssid` parameter. As a mitigation, sanitize the input received from the `wifi ap ssid` parameter. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Audi UTR 2.0 Universal Traffic Recorder 2.0 Description: An issue in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to arbitrarily overwrite files by submitting a crafted PUT request. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Audi UTR 2.0 Universal Traffic Recorder 2.0 Description: A stack overflow in the FTP service allows attackers to cause a Denial of Service (DoS) via a crafted input. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.