CVE-2025-2189 – Information Disclosure Vulnerability in Tinxy Smart Devices

https://notcve.org/view.php?id=CVE-2025-2189

11 Mar 2025 — This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device. Esta vulnerabilidad existe en los dispositivos inteligentes Tinxy debido al almacenamiento de credenciales en texto plano dentro del firmware del dispositivo. Un atacante con acceso físico podría aprovechar est... • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0043 • CWE-312: Cleartext Storage of Sensitive Information •