CVE-2025-44612

Published: May 30, 2025Modified: Jul 22, 2025

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack.

Affected (1)

Products: Tinxy: Wifi Lock Controller V1 Rf Firmware

1 product

Wifi Lock Controller V1 Rf Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tinxy Wifi Lock Controller V1 Rf Firmware	All versions

Running on/with	Platform Versions
Tinxy Wifi Lock Controller V1 Rf	All versions

Related CWEs

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (1)

https://github.com/ShravanSinghRathore/Tinxy/wiki/1.-WiFi-Lock-Controller-v1-RF-%281%E2%80%909%29

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.