Submit #513393: Audi UTR Dashcam 2.0 Incorrect Use of Privileged APIsinfo

TitleAudi UTR Dashcam 2.0 Incorrect Use of Privileged APIs
DescriptionExecute Remote Commands - Using the Audi UTR APK, an attacker can obtain a list of remotely executable commands once logged on using weak/default credentials. For instance, getting userdata, calling for factory reset, or even trigger a malicious firmware update to "/sd/DSM_FW.muf".
Source⚠️ https://github.com/geo-chen/Audi/blob/main/README.md#finding-4-execute-remote-commands
User
 geochen (UID 78995)
Submission03/03/2025 17:32 (1 Year ago)
Moderation03/20/2025 11:24 (17 days later)
StatusAccepted
VulDB entry300170 [Audi UTR Dashcam 2.0 Command API access control]
Points18

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!