VYPR
Vendor

Flock Safety

Products
9
CVEs
15
Across products
18
Status
Private

Products

9

Recent CVEs

15
  • CVE-2025-47822MedJun 27, 2025
    risk 0.42cvss 6.4epss 0.00

    Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have an on-chip debug interface with improper access control.

  • CVE-2025-47819MedJun 27, 2025
    risk 0.42cvss 6.4epss 0.00

    Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control.

  • CVE-2025-47823LowJun 27, 2025
    risk 0.14cvss 2.2epss 0.00

    Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password for a system.

  • CVE-2025-47821LowJun 27, 2025
    risk 0.14cvss 2.2epss 0.00

    Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system.

  • CVE-2025-47818LowJun 27, 2025
    risk 0.14cvss 2.2epss 0.00

    Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection.

  • CVE-2025-47824LowJun 27, 2025
    risk 0.13cvss 2.0epss 0.00

    Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code.

  • CVE-2025-47820LowJun 27, 2025
    risk 0.13cvss 2.0epss 0.00

    Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code.

  • CVE-2025-59409Oct 2, 2025
    risk 0.00cvss epss 0.00

    Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi credentials (test_flck) stored in cleartext in production firmware.

  • CVE-2025-59407Oct 2, 2025
    risk 0.00cvss epss 0.01

    The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) bundles a Java Keystore (flock_rye.bks) along with its hardcoded password…

  • CVE-2025-59403Oct 2, 2025
    risk 0.00cvss epss 0.01

    The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication.…

  • CVE-2025-59406Oct 2, 2025
    risk 0.00cvss epss 0.00

    The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially…

  • CVE-2025-59405Oct 2, 2025
    risk 0.00cvss epss 0.00

    The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) contains a cleartext DataDog API key within in its codebase. Because application binaries can…

  • CVE-2025-59408Sep 25, 2025
    risk 0.00cvss epss 0.00

    Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with Secure Boot disabled. This allows an attacker to flash modified firmware with no cryptographic protections.

  • CVE-2025-59404Sep 25, 2025
    risk 0.00cvss epss 0.00

    Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions.

  • CVE-2025-59402Sep 25, 2025
    risk 0.00cvss epss 0.00

    Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security…