Primary

Context

Flock Safety LPR Devices Hardcoded Password Vulnerability

Vulnerability

A vulnerability exists in Flock Safety License Plate Reader (LPR) devices running firmware through version 2.2, which have a hardcoded password for system access. This vulnerability is classified under CWE-798 (Hardcoded Credentials) and CWE-259 (Hardcoded Connection Details).

Impact

The vulnerability allows for unauthorized access to the device's system, potentially leading to exploitation of the debug interface, which is also enabled on the devices. However, physical access to the device is required to exploit this vulnerability.

Remediation

Flock Safety will address this vulnerability through Over the Air Updates and improved factory settings for new devices, starting in Q2 2025.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Flock Safety LPR Devices Hardcoded Password Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating