CVE-2025-47823
BaseFortify
Publication date: 2025-06-27
Last updated on: 2025-10-23
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flocksafety | license_plate_reader_firmware | to 2.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves Flock Safety License Plate Reader (LPR) devices with firmware versions up to 2.2 that contain a hardcoded password for a system. This means the password is embedded in the device's firmware and cannot be changed, potentially allowing unauthorized access under certain conditions.
How can this vulnerability impact me? :
The impact of this vulnerability is limited due to its low CVSS score (2.2) and the requirement for physical or local access (Attack Vector: Physical). It could allow an attacker with physical access to the device to gain limited access to the system using the hardcoded password, potentially leading to limited confidentiality loss but no integrity or availability impact.