CVE-2025-2189

Published: Mar 11, 2025

Modified: Mar 11, 2025

PUBLISHED

Description

This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device.

Vendor	Product	Versions
Mogify Infotech	Tinxy Wi-Fi Lock Controller v1 RF	affected `all versions`
Mogify Infotech	Tinxy Door Lock with Wi-Fi Controller	affected `all versions`
Mogify Infotech	Tinxy 1 Node 10A and 16A Smart Wi-Fi Switches	affected `all versions`
Mogify Infotech	Tinxy 2, 4 and 6 Node Smart Wi-Fi Switches	affected `all versions`
Mogify Infotech	Tinxy Smart 15 Watts 3 in 1 Square Panel Ceiling Light	affected `all versions`
Mogify Infotech	Tinxy Smart 8 Watts 3 in 1 Round Panel Ceiling Light	affected `all versions`

Weaknesses (CWE)

CWE-312

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0043

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-2189

Description

Affected Products

Weaknesses (CWE)

References