CVE-2025-2189
Information Disclosure Vulnerability in Tinxy Smart Devices
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.1EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
11 mar 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device.
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Productos afectados
Mogify Infotech · Tinxy 1 Node 10A and 16A Smart Wi-Fi SwitchesMogify Infotech · Tinxy 2, 4 and 6 Node Smart Wi-Fi SwitchesMogify Infotech · Tinxy Door Lock with Wi-Fi ControllerMogify Infotech · Tinxy Smart 15 Watts 3 in 1 Square Panel Ceiling LightMogify Infotech · Tinxy Smart 8 Watts 3 in 1 Round Panel Ceiling LightMogify Infotech · Tinxy Wi-Fi Lock Controller v1 RF¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →