CVE-2025-2189

Information Disclosure Vulnerability in Tinxy Smart Devices

CVSS 5.1 MEDIUMEPSS 0.1%CWE-312

This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device.

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

Affected products

Mogify Infotech · Tinxy 1 Node 10A and 16A Smart Wi-Fi Switches Mogify Infotech · Tinxy 2, 4 and 6 Node Smart Wi-Fi Switches Mogify Infotech · Tinxy Door Lock with Wi-Fi Controller Mogify Infotech · Tinxy Smart 15 Watts 3 in 1 Square Panel Ceiling Light Mogify Infotech · Tinxy Smart 8 Watts 3 in 1 Round Panel Ceiling Light Mogify Infotech · Tinxy Wi-Fi Lock Controller v1 RF

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0043