MidnightBSD

Advisories for flocksafety

CVE-2025-47818

Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 2.2 LOW CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N 0.5 1.4

Products Affected

Vendor Product Version
flocksafety gunshot_detection_firmware *
CVE-2025-47819

Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.4 MEDIUM CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

Products Affected

Vendor Product Version
flocksafety gunshot_detection_firmware *
CVE-2025-47820

Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 2.0 LOW CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 0.5 1.4

Products Affected

Vendor Product Version
flocksafety gunshot_detection_firmware *
CVE-2025-47821

Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 2.2 LOW CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N 0.5 1.4

Products Affected

Vendor Product Version
flocksafety gunshot_detection_firmware *
CVE-2025-47822

Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have an on-chip debug interface with improper access control.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.4 MEDIUM CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

Products Affected

Vendor Product Version
flocksafety license_plate_reader_firmware *
CVE-2025-47823

Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password for a system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 2.2 LOW CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N 0.5 1.4

Products Affected

Vendor Product Version
flocksafety license_plate_reader_firmware *
CVE-2025-47824

Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 2.0 LOW CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 0.5 1.4

Products Affected

Vendor Product Version
flocksafety license_plate_reader_firmware *
CVE-2025-59402

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.4 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L 0.7 4.7

Products Affected

Vendor Product Version
flocksafety bravo_compute_box_firmware -
CVE-2025-59403

The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. Endpoints include but are not limited to: /reboot, /logs, /crashpack, and /adb/enable. This results in multiple impacts including denial of service (DoS) via /reboot, information disclosure via /logs, and remote code execution (RCE) via /adb/enable. The latter specifically results in adb being started over TCP without debugging confirmation, providing an attacker in the LAN/WLAN with shell access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5

Products Affected

Vendor Product Version
flocksafety flock_safety 6.35.31
CVE-2025-59404

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
flocksafety bravo_compute_box_firmware -
CVE-2025-59405

The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) contains a cleartext DataDog API key within in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover the OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
flocksafety flock_safety 7.38.3
CVE-2025-59406

The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover this OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

Products Affected

Vendor Product Version
flocksafety flock_safety 6.21.11
CVE-2025-59407

The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) bundles a Java Keystore (flock_rye.bks) along with its hardcoded password (flockhibiki17) in its code. The keystore contains a private key.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
flocksafety flock_safety 6.35.33
CVE-2025-59408

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with Secure Boot disabled. This allows an attacker to flash modified firmware with no cryptographic protections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
flocksafety bravo_compute_box_firmware -
CVE-2025-59409

Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi credentials (test_flck) stored in cleartext in production firmware.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
flocksafety license_plate_reader_firmware -