CVE-2025-59409
Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi credentials (test_flck) stored in cleartext in production firmware.
CVE-2025-59407
The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) bundles a Java Keystore (flock_rye.bks) along wit…
CVE-2025-59406
The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because appl…
CVE-2025-59405
The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) contains a cleartext DataDog API key within in its codeb…
CVE-2025-59403
The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoin…
CVE-2025-59408
Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with Secure Boot disabled. This allows an attacker to flash modified firmware with no cryptographic protections.
CVE-2025-59404
Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions.
CVE-2025-59402
Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and…
CVE-2025-47824
Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code.
CVE-2025-47823
Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password for a system.
CVE-2025-47822
Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have an on-chip debug interface with improper access control.
CVE-2025-47821
Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system.
CVE-2025-47820
Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code.
CVE-2025-47819
Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control.
CVE-2025-47818
Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection.