CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-2189 – Information Disclosure Vulnerability in Tinxy Smart Devices
https://notcve.org/view.php?id=CVE-2025-2189
11 Mar 2025 — This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device. Esta vulnerabilidad existe en los dispositivos inteligentes Tinxy debido al almacenamiento de credenciales en texto plano dentro del firmware del dispositivo. Un atacante con acceso físico podría aprovechar est... • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0043 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12094 – Information Disclosure Vulnerability in Tinxy
https://notcve.org/view.php?id=CVE-2024-12094
05 Dec 2024 — This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0355 • CWE-312: Cleartext Storage of Sensitive Information •