CVE-2025-2189

MEDIUM

Tinxy Smart Devices - Info Disclosure

Title source: llm

Description

This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device.

References (1)

[Various Sources] https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0043

Scores

CVSS v4 5.1

EPSS 0.0006

EPSS Percentile 18.7%

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-312

Status published

Products (6)

Mogify Infotech/Tinxy 1 Node 10A and 16A Smart Wi-Fi Switches all versions

Mogify Infotech/Tinxy 2, 4 and 6 Node Smart Wi-Fi Switches all versions

Mogify Infotech/Tinxy Door Lock with Wi-Fi Controller all versions

Mogify Infotech/Tinxy Smart 15 Watts 3 in 1 Square Panel Ceiling Light all versions

Mogify Infotech/Tinxy Smart 8 Watts 3 in 1 Round Panel Ceiling Light all versions

Mogify Infotech/Tinxy Wi-Fi Lock Controller v1 RF all versions

Published Mar 11, 2025

Tracked Since Feb 18, 2026