CVE-2025-2189

Information Disclosure Vulnerability in Tinxy Smart Devices

CVSS 5.1 MEDIUMEPSS 0.1%CWE-312

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.1EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

11 Mar 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device.

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

Affected products

Mogify Infotech · Tinxy 1 Node 10A and 16A Smart Wi-Fi Switches Mogify Infotech · Tinxy 2, 4 and 6 Node Smart Wi-Fi Switches Mogify Infotech · Tinxy Door Lock with Wi-Fi Controller Mogify Infotech · Tinxy Smart 15 Watts 3 in 1 Square Panel Ceiling Light Mogify Infotech · Tinxy Smart 8 Watts 3 in 1 Round Panel Ceiling Light Mogify Infotech · Tinxy Wi-Fi Lock Controller v1 RF

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0043