Description
This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device.
References (1)
Core 1
Core References
Various Sources third-party-advisory
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0043
Scores
CVSS v4
5.1
EPSS
0.0014
EPSS Percentile
3.6%
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-312
Status
published
Products (6)
Mogify Infotech/Tinxy 1 Node 10A and 16A Smart Wi-Fi Switches
all versions
Mogify Infotech/Tinxy 2, 4 and 6 Node Smart Wi-Fi Switches
all versions
Mogify Infotech/Tinxy Door Lock with Wi-Fi Controller
all versions
Mogify Infotech/Tinxy Smart 15 Watts 3 in 1 Square Panel Ceiling Light
all versions
Mogify Infotech/Tinxy Smart 8 Watts 3 in 1 Round Panel Ceiling Light
all versions
Mogify Infotech/Tinxy Wi-Fi Lock Controller v1 RF
all versions
Published
Mar 11, 2025
Tracked Since
Feb 18, 2026