CVE-2025-47822
In short
Flock Safety license plate reader devices up to firmware version 2.2 have a debug interface on the chip that lacks proper security controls, potentially allowing unauthorized access to sensitive device functions.
Technical detail
The on-chip debug interface in Flock Safety LPR devices (firmware ≤2.2) suffers from improper access control (CWE-1191), enabling attackers with physical access to the device to interact with debugging interfaces without authentication. This could lead to unauthorized firmware modification, data extraction, or device compromise.
Summary generated and translated by AI from the official description.
Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have an on-chip debug interface with improper access control.
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Flock Safety · License Plate Reader
References
https://gainsec.com/2025/06/19/bird-hunting-season-security-research-on-flock-safety-anti-crime-systems/
https://gainsec.com/2025/06/19/grounded-flight-device-2-root-shell-on-flock-safetys-falcon-sparrow-automated-license-plate-reader/
https://gainsec.com/wp-content/uploads/2025/06/flock-safety-researcher-summary.pdf
https://www.flocksafety.com/articles/gunshot-detection-and-license-plate-reader-security-alert