Submit #513393: Audi UTR Dashcam 2.0 Incorrect Use of Privileged APIsinfo

Titel	Audi UTR Dashcam 2.0 Incorrect Use of Privileged APIs
Beschreibung	Execute Remote Commands - Using the Audi UTR APK, an attacker can obtain a list of remotely executable commands once logged on using weak/default credentials. For instance, getting userdata, calling for factory reset, or even trigger a malicious firmware update to "/sd/DSM_FW.muf".
Quelle	⚠️ https://github.com/geo-chen/Audi/blob/main/README.md#finding-4-execute-remote-commands
Benutzer	geochen (UID 78995)
Einreichung	03.03.2025 17:32 (vor 1 Jahr)
Moderieren	20.03.2025 11:24 (17 days later)
Status	Akzeptiert
VulDB Eintrag	300170 [Audi UTR Dashcam 2.0 Command API erweiterte Rechte]
Punkte	18

Do you need the next level of professionalism?

Upgrade your account now!