Filtered by vendor Flock Safety
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59407 | 3 Flock Safety, Flocksafety, Google | 6 Bravo Edge Ai Compute Device, Bravo Edge Ai Compute Device, Detectionprocessing and 3 more | 2025-10-03 | 9.8 Critical |
| The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) bundles a Java Keystore (flock_rye.bks) along with its hardcoded password (flockhibiki17) in its code. The keystore contains a private key. | ||||
| CVE-2025-59406 | 3 Flock Safety, Flocksafety, Google | 6 Bravo Edge Ai Compute Device, Bravo Edge Ai Compute Device, Falcon and 3 more | 2025-10-03 | 6.2 Medium |
| The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover this OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software. | ||||
| CVE-2025-59408 | 1 Flock Safety | 1 Bravo Edge Ai Compute Device | 2025-09-26 | 7.3 High |
| Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with Secure Boot disabled. This allows an attacker to flash modified firmware with no cryptographic protections. | ||||
| CVE-2025-59404 | 1 Flock Safety | 1 Bravo Edge Ai Compute Device | 2025-09-26 | 7.5 High |
| Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions. | ||||
| CVE-2025-59402 | 1 Flock Safety | 1 Bravo Edge Ai Compute Device | 2025-09-26 | 5.4 Medium |
| Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls. | ||||
Page 1 of 1.