CVE-2025-59409

Flock · Flock Multiple Products

A high-severity vulnerability has been identified in Flock Safety Falcon and Sparrow License Plate Readers.

Executive summary

The flaw could allow a remote, unauthenticated attacker to access sensitive data collected by the devices, including license plate information and location data. Successful exploitation poses a significant privacy risk and could compromise the integrity of the data collected by these security systems.

Vulnerability

The vulnerability exists within an improperly secured API endpoint on the device's management interface. The endpoint fails to enforce proper authentication, allowing a remote attacker to send crafted requests to the device. By exploiting this flaw, an attacker can query the device's database and exfiltrate sensitive stored data, including captured license plate images, timestamps, and GPS coordinates, without requiring any prior access or credentials.

Business impact

This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation could lead to a significant data breach, exposing sensitive and personally identifiable information (PII) collected by the license plate readers. The business impact includes severe reputational damage, loss of customer trust, and potential legal and regulatory penalties for failing to protect sensitive data. Furthermore, compromised data could be used by malicious actors for surveillance, stalking, or to undermine law enforcement activities that rely on this data.

Remediation

Immediate Action: The primary remediation is to apply the security patches provided by Flock immediately across all affected Falcon and Sparrow devices. Before and after patching, organizations should review device access logs for any signs of anomalous or unauthorized queries that could indicate a past or ongoing compromise.

Proactive Monitoring: Security teams should actively monitor network traffic to and from the affected devices for unusual patterns, such as large data transfers or connections from untrusted IP addresses. Implement enhanced logging and alerting for API access requests, specifically looking for unauthenticated queries to sensitive data endpoints. System behavior should be monitored for any deviations from the established baseline.

Compensating Controls: If immediate patching is not feasible, implement network segmentation to isolate the license plate readers from public-facing networks. Restrict access to the devices' management interfaces to a limited set of trusted administrative IP addresses using firewall rules. If applicable, deploy a Web Application Firewall (WAF) with rules designed to inspect and block malicious requests targeting the vulnerable API endpoint.
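The monitoring and compensating-control guidance above comes down to three indicators a defender can check in the device's access logs: a sensitive API endpoint answering a request that carried no credentials, requests to the management interface from addresses outside the trusted administrative set, and single responses large enough to look like a bulk export. The script below is an added example, not code from the advisory or from Flock; the log line format, the `/api/` path layout, the `10.20.0.0/24` admin network, the `/api/login` exception and the 1 MB size threshold are all assumptions, and the log lines it runs over are constructed.

```python
"""
Added example (not from the advisory or the vendor): triage of device
access-log lines for the indicators named in the Remediation section.
The log format, the /api/ path layout, the trusted admin network and the
size threshold are assumptions; the sample log lines are constructed.
"""
import re
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Assumed log format, one request per line:
#   <timestamp> <client-ip> "<METHOD> <path>" <status> <response-bytes> auth=<none|token|session>
LOG_PATTERN = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" '
    r"(?P<status>\d{3}) (?P<size>\d+) auth=(?P<auth>\S+)$"
)

# Assumption: the management interface should only be reached from this subnet.
TRUSTED_ADMIN_NETS = [ip_network("10.20.0.0/24")]
# Assumption: data endpoints live under /api/; /api/login legitimately
# receives unauthenticated requests and must not be flagged for that alone.
SENSITIVE_PREFIX = "/api/"
PUBLIC_PATHS = {"/api/login"}
# Assumption: a single response above this size is a candidate bulk export.
LARGE_RESPONSE_BYTES = 1_000_000


@dataclass
class Finding:
    line_no: int
    src: str
    path: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return the matched fields, or None for a line that does not fit the format."""
    m = LOG_PATTERN.match(line.strip())
    return m.groupdict() if m else None


def is_trusted_source(src):
    """True only when the client address falls inside an allowlisted admin network."""
    try:
        addr = ip_address(src)
    except ValueError:
        return False  # an unparsable address is treated as untrusted
    return any(addr in net for net in TRUSTED_ADMIN_NETS)


def analyze(lines):
    """Evaluate each log line against the three indicators and collect findings."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        rec = parse_line(line)
        if rec is None:
            continue  # malformed lines are skipped rather than silently trusted
        path = rec["path"].split("?", 1)[0]  # drop the query string
        status = int(rec["status"])
        size = int(rec["size"])
        served = 200 <= status < 300  # a 401 is the expected rejection; a 2xx is not
        reasons = []
        if (path.startswith(SENSITIVE_PREFIX) and path not in PUBLIC_PATHS
                and rec["auth"] == "none" and served):
            reasons.append("unauthenticated request served by a sensitive endpoint")
        if path.startswith(SENSITIVE_PREFIX) and not is_trusted_source(rec["src"]):
            reasons.append("source outside trusted admin networks")
        if size >= LARGE_RESPONSE_BYTES:
            reasons.append(f"large response ({size} bytes)")
        if reasons:
            findings.append(Finding(line_no, rec["src"], path, reasons))
    return findings


# Constructed sample log; not captured from any real device.
CONSTRUCTED_LOG = [
    '2025-10-01T12:00:01Z 10.20.0.5 "GET /api/status" 200 512 auth=token',
    '2025-10-01T12:00:07Z 203.0.113.44 "GET /api/reads?since=0" 200 4831920 auth=none',
    '2025-10-01T12:01:15Z 10.20.0.9 "POST /api/login" 401 89 auth=none',
    '2025-10-01T12:02:40Z 198.51.100.7 "GET /api/reads?limit=10" 200 2048 auth=token',
    '2025-10-01T12:03:02Z 10.20.0.12 "GET /api/reads?since=0" 200 73000 auth=none',
    "garbage line that does not match the format",
]

if __name__ == "__main__":
    for f in analyze(CONSTRUCTED_LOG):
        print(f"line {f.line_no}: {f.src} {f.path} -> {'; '.join(f.reasons)}")
```

On the constructed log this reports three lines: the external client that pulled a multi-megabyte response from a data endpoint with no credentials (all three indicators at once), the authenticated but off-allowlist client, and the on-network request that a data endpoint answered without credentials. The `401` to `/api/login` is not reported, because a rejected unauthenticated request is the device behaving correctly; it is the `2xx` without credentials that matches the flaw described above. In practice the allowlist, path prefix and size threshold would be taken from the deployment's own configuration and baseline.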

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high severity of this vulnerability and the sensitive nature of the data at risk, it is strongly recommended that organizations prioritize the immediate application of the vendor-supplied security updates. Although there is no evidence of active exploitation at this time, the risk of a significant privacy breach is substantial. Organizations unable to patch immediately should implement the suggested compensating controls, such as network segmentation and access restrictions, to reduce the attack surface while a permanent fix is scheduled.