CVE-2025-47822

EPSS 0.03%
Veröffentlicht 27.06.2025 00:00:00
Zuletzt bearbeitet 23.10.2025 17:25:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have an on-chip debug interface with improper access control.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Flocksafety ≫ License Plate Reader Firmware Version <= 2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.079

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cve@mitre.org	6.4	0.5	5.9	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-1191 On-Chip Debug and Test Interface With Improper Access Control

The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.

https://www.flocksafety.com/articles/gunshot-detection-and-license-plate-reader-security-alert

Vendor Advisory

https://gainsec.com/2025/06/19/bird-hunting-season-security-research-on-flock-safety-anti-crime-systems/

Third Party Advisory

https://gainsec.com/wp-content/uploads/2025/06/flock-safety-researcher-summary.pdf

Third Party Advisory

https://gainsec.com/2025/06/19/grounded-flight-device-2-root-shell-on-flock-safetys-falcon-sparrow-automated-license-plate-reader/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-47822

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-47822

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-47822

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-47822