// For flags

CVE-2025-2189

Information Disclosure Vulnerability in Tinxy Smart Devices

Severity Score

5.1
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device.

Esta vulnerabilidad existe en los dispositivos inteligentes Tinxy debido al almacenamiento de credenciales en texto plano dentro del firmware del dispositivo. Un atacante con acceso físico podría aprovechar esto extrayendo el firmware y analizando los datos binarios para obtener las credenciales en texto plano almacenadas en el dispositivo vulnerable.

*Credits: This vulnerability is reported by Shravan Singh from Mumbai, India.
CVSS Scores
Attack Vector
Physical
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
High
Low
Integrity
None
None
Availability
None
None
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2025-03-11 CVE Reserved
  • 2025-03-11 CVE Published
  • 2025-03-11 CVE Updated
  • 2025-03-18 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-312: Cleartext Storage of Sensitive Information
CAPEC
  • CAPEC-37: Retrieve Embedded Sensitive Data
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mogify Infotech
Search vendor "Mogify Infotech"
 Tinxy Wi-Fi Lock Controller V1 RF
Search vendor "Mogify Infotech" for product "Tinxy Wi-Fi Lock Controller V1 RF"
 <=
Search vendor "Mogify Infotech" for product "Tinxy Wi-Fi Lock Controller V1 RF" and version " <= "
en
Affected
Mogify Infotech
Search vendor "Mogify Infotech"
 Tinxy Door Lock With Wi-Fi Controller
Search vendor "Mogify Infotech" for product "Tinxy Door Lock With Wi-Fi Controller"
 <=
Search vendor "Mogify Infotech" for product "Tinxy Door Lock With Wi-Fi Controller" and version " <= "
en
Affected
Mogify Infotech
Search vendor "Mogify Infotech"
 Tinxy 1 Node 10A And 16A Smart Wi-Fi Switches
Search vendor "Mogify Infotech" for product "Tinxy 1 Node 10A And 16A Smart Wi-Fi Switches"
 <=
Search vendor "Mogify Infotech" for product "Tinxy 1 Node 10A And 16A Smart Wi-Fi Switches" and version " <= "
en
Affected
Mogify Infotech
Search vendor "Mogify Infotech"
 Tinxy 2, 4 And 6 Node Smart Wi-Fi Switches
Search vendor "Mogify Infotech" for product "Tinxy 2, 4 And 6 Node Smart Wi-Fi Switches"
 <=
Search vendor "Mogify Infotech" for product "Tinxy 2, 4 And 6 Node Smart Wi-Fi Switches" and version " <= "
en
Affected
Mogify Infotech
Search vendor "Mogify Infotech"
 Tinxy Smart 15 Watts 3 In 1 Square Panel Ceiling Light
Search vendor "Mogify Infotech" for product "Tinxy Smart 15 Watts 3 In 1 Square Panel Ceiling Light"
 <=
Search vendor "Mogify Infotech" for product "Tinxy Smart 15 Watts 3 In 1 Square Panel Ceiling Light" and version " <= "
en
Affected
Mogify Infotech
Search vendor "Mogify Infotech"
 Tinxy Smart 8 Watts 3 In 1 Round Panel Ceiling Light
Search vendor "Mogify Infotech" for product "Tinxy Smart 8 Watts 3 In 1 Round Panel Ceiling Light"
 <=
Search vendor "Mogify Infotech" for product "Tinxy Smart 8 Watts 3 In 1 Round Panel Ceiling Light" and version " <= "
en
Affected