CVE-2025-2556
📋 TL;DR
The Audi UTR Dashcam 2.0 contains hard-coded credentials in its Video Stream Handler component, allowing attackers on the local network to access video streams and potentially other functions. This affects all users of the dashcam software before versions 2.89/2.90. Attackers must be on the same local network to exploit this vulnerability.
💻 Affected Systems
- Audi UTR Dashcam 2.0
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Unauthorized access to live video feeds, potential device takeover, and exposure of sensitive visual data from dashcam recordings.
Likely Case
Unauthorized viewing of dashcam video streams by local network attackers, potentially compromising privacy and security of recorded footage.
If Mitigated
Limited to no impact if devices are isolated from untrusted networks and patched versions are deployed.
🎯 Exploit Status
Exploit details have been publicly disclosed on GitHub. Attackers need only connect to the vulnerable services using the hard-coded credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.89 for new customers, 2.90 for existing customers
Vendor Advisory: Not provided in CVE details
Restart Required: Yes
Instructions:
1. Contact Audi or dashcam vendor for update instructions. 2. Download and install version 2.89 or 2.90. 3. Restart the dashcam system. 4. Verify the update was successful.
🔧 Temporary Workarounds
Network Segmentation
allIsolate dashcam devices on a separate VLAN or network segment away from untrusted devices.
Firewall Rules
allBlock external access to dashcam RTSP (typically port 554) and FTP (port 21) services from untrusted networks.
🧯 If You Can't Patch
- Physically disconnect dashcams from networks when not needed for live streaming
- Implement strict network access controls allowing only authorized devices to communicate with dashcam services
🔍 How to Verify
Check if Vulnerable:
Attempt to connect to the dashcam's RTSP stream (rtsp://[dashcam-ip]:554/) or FTP service using default/common credentials. If access is granted without proper authentication, the device is vulnerable.Check Version:
Check dashcam web interface or documentation for firmware version. No standard CLI command available for embedded devices.Verify Fix Applied:
After updating, attempt the same connection tests. Access should be denied or require proper authentication. Check that the device reports version 2.89 or higher.📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts to RTSP/FTP services
- Successful connections from unexpected IP addresses to dashcam services
Network Indicators:
- Unusual RTSP or FTP traffic patterns to dashcam devices
- Connections to dashcam ports from unauthorized network segments
SIEM Query:
source_ip IN (dashcam_ips) AND (destination_port:554 OR destination_port:21) AND NOT source_ip IN (authorized_ips)