CVE-2025-2189
Information Disclosure Vulnerability in Tinxy Smart Devices
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.1EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
11 mar 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device.
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Produtos afetados
Mogify Infotech · Tinxy 1 Node 10A and 16A Smart Wi-Fi SwitchesMogify Infotech · Tinxy 2, 4 and 6 Node Smart Wi-Fi SwitchesMogify Infotech · Tinxy Door Lock with Wi-Fi ControllerMogify Infotech · Tinxy Smart 15 Watts 3 in 1 Square Panel Ceiling LightMogify Infotech · Tinxy Smart 8 Watts 3 in 1 Round Panel Ceiling LightMogify Infotech · Tinxy Wi-Fi Lock Controller v1 RFQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →