Gainsec

**Name of the Vulnerable Software and Affected Versions** Flock Safety Android Collins application (aka com.flocksafety.android.collins) version 6.35.31 **Description** The Flock Safety Android Collins application version 6.35.31 lacks authentication. It manages the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. These endpoints include `/reboot`, `/logs`, `/crashpack`, and `/adb/enable`. Exploitation of the `/reboot` endpoint can lead to denial of service (DoS). The `/logs` endpoint allows for information disclosure. The `/adb/enable` endpoint enables adb over TCP without debugging confirmation, potentially granting an attacker on the local area network (LAN) or wireless LAN (WLAN) shell access. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flock Safety Falcon and Sparrow License Plate Readers version OPM1.171019.026 **Description** The devices ship with development Wi-Fi credentials (specifically, `test flck`) stored in cleartext within the production firmware. This could allow unauthorized access to the devices. **Recommendations** Update to a newer version that does not contain the hardcoded Wi-Fi credentials.

**Name of the Vulnerable Software and Affected Versions** Flock Safety DetectionProcessing application version 6.35.33 **Description** The Flock Safety DetectionProcessing application for Android version 6.35.33, used on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices, includes a Java Keystore (`flock rye.bks`) with a hardcoded password (`flockhibiki17`) within its code. This keystore contains a private key. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flock Safety Pisco application version 6.21.11 **Description** The Flock Safety Pisco application for Android contains a cleartext Auth0 client secret within its codebase. Attackers can recover this OAuth secret without elevated privileges by decompiling or inspecting the application binaries. The secret is intended to be confidential and should not be embedded directly in client-side software. The application is installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flock Safety Peripheral version 7.38.3 **Description** The Flock Safety Peripheral application for Android contains a cleartext DataDog API key within its codebase. Attackers can recover the OAuth secret without special privileges by decompiling or inspecting the application binaries. This secret is intended to remain confidential and should not be embedded directly in client-side software. The application is installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28 Description: The Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) contain an unauthenticated EFI shell. This allows attackers to execute arbitrary code or escalate privileges during the boot process. Recommendations: Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version newer than 4.6.0.1211.28. Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version newer than 3.8.0.1119.42. Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version newer than 3.2.0.829.23.

Name of the Vulnerable Software and Affected Versions: Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28 Description: The Kapsch TrafficCom RIS-9160 and RIS-9260 Roadside Units (RSUs) lack secure password requirements for the BIOS Supervisor and User accounts. This allows attackers to bypass authentication through a bruteforce attack. Recommendations: Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) version 3.2.0.829.23: Implement strong password policies for BIOS Supervisor and User accounts. Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) version 3.8.0.1119.42: Implement strong password policies for BIOS Supervisor and User accounts. Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) version 4.6.0.1211.28: Implement strong password policies for BIOS Supervisor and User accounts.

Name of the Vulnerable Software and Affected Versions: Flock Safety Gunshot Detection devices versions prior to 1.3 Description: The issue concerns a hard-coded password for a connection in Flock Safety Gunshot Detection devices. This hardcoded password allows for unauthenticated access to the device's HTTP server. Recommendations: For versions prior to 1.3, update to version 1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the device's HTTP server until a patch is available.

Name of the Vulnerable Software and Affected Versions: Flock Safety Gunshot Detection devices versions prior to 1.3 Description: The issue concerns an on-chip debug interface with improper access control in Flock Safety Gunshot Detection devices. Recommendations: For versions prior to 1.3, update to version 1.3 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Flock Safety LPR devices with firmware through 2.2 Description: The issue concerns a hardcoded password for a system in Flock Safety LPR devices. Recommendations: For Flock Safety LPR devices with firmware through 2.2, consider changing the hardcoded password as soon as possible to mitigate the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Flock Safety LPR devices versions through 2.2 Description: The issue concerns an on-chip debug interface with improper access control. Recommendations: For versions through 2.2, consider disabling the on-chip debug interface until a patch is available. Restrict access to the device to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Flock Safety Gunshot Detection devices versions prior to 1.3 Description: The issue concerns a hardcoded password for a system in Flock Safety Gunshot Detection devices. This hardcoded password could potentially be exploited. Recommendations: For versions prior to 1.3, consider changing the hardcoded password to a unique and secure password as soon as possible. As a temporary workaround, restrict access to the system to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Flock Safety Gunshot Detection devices versions prior to 1.3 Description: The issue concerns cleartext storage of code in Flock Safety Gunshot Detection devices. This means that the code is stored in a plaintext format, potentially allowing unauthorized access to sensitive information. Recommendations: For versions prior to 1.3, update to version 1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the device's code storage to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Flock Safety LPR devices with firmware through 2.2 Description: The issue concerns cleartext storage of code in Flock Safety LPR devices. Recommendations: For Flock Safety LPR devices with firmware through 2.2, update to a version that addresses the cleartext storage of code issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.