How severe is CVE-2025-2556?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2025-2556?

This is classified as CWE-259, which is a common weakness in software security.

CVE-2025-2556 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. Upgrading to version 2.89 and 2.90 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about these issues and acted very professional. Version 2.89 is fixing this issue for new customers and 2.90 is going to fix it for existing customers.

Related Vulnerabilities

CVE-2022-27172

MEDIUM

CVSS:4.3(Medium)

A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution...

CWE-2592022

CVE-2023-29103

MEDIUM

CVSS:4.3(Medium)

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= ...

CWE-2592023

CVE-2024-2197

LOW

CVSS:4.3(Medium)

The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the appl...

CWE-2592024

CVE-2024-26196

MEDIUM

CVSS:4.3(Medium)

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

CWE-2592024

CVE-2024-7155

LOW

CVSS:4.7(Medium)

A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The m...

CWE-2592024

CVE-2024-33867

MEDIUM

CVSS:4.8(Medium)

An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password salt.

CWE-2592024