CVE-2025-30118

{"id": "CVE-2025-30118", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-25T20:15:22.447", "references": [{"url": "https://github.com/geo-chen/Audi/blob/main/README.md#finding-1---cve-2025-30118-audi-utr-susceptibility-to-dos", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by occupying the only available connection. The SSID remains broadcast at all times, increasing exposure to potential attacks."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Audi Universal Traffic Recorder 2.88. Presenta vulnerabilidad a la denegaci\u00f3n de servicio. Utiliza las mismas credenciales predeterminadas para todos los dispositivos y no implementa una autenticaci\u00f3n multidispositivo adecuada, lo que permite a los atacantes denegar el acceso al propietario ocupando la \u00fanica conexi\u00f3n disponible. El SSID se mantiene en constante difusi\u00f3n, lo que aumenta la exposici\u00f3n a posibles ataques."}], "lastModified": "2025-03-27T16:45:46.410", "sourceIdentifier": "cve@mitre.org"}