Vulnerabilites related to tinxy - wifi_lock_controller_v1_rf
Vulnerability from fkie_nvd
Published
2025-05-30 03:15
Modified
2025-07-22 14:28
Severity ?
Summary
Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://tinxy.com | Broken Link, Not Applicable | |
| cve@mitre.org | http://wifi.com | Not Applicable |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tinxy | wifi_lock_controller_v1_rf_firmware | - | |
| tinxy | wifi_lock_controller_v1_rf | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tinxy:wifi_lock_controller_v1_rf_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F93E68C-3A99-42D0-BDF6-E958022BF80F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tinxy:wifi_lock_controller_v1_rf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D010B68A-D247-451F-91DB-B6FD85205BE8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tinxy WiFi Lock Controller v1 RF estaba configurado para transmitir en una red Wi-Fi abierta, lo que permit\u00eda a los atacantes unirse a la red sin autenticaci\u00f3n."
}
],
"id": "CVE-2025-44619",
"lastModified": "2025-07-22T14:28:05.700",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-05-30T03:15:20.737",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Not Applicable"
],
"url": "http://tinxy.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://wifi.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-30 03:15
Modified
2025-07-22 14:29
Severity ?
Summary
Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/ShravanSinghRathore/Tinxy/wiki/1.-WiFi-Lock-Controller-v1-RF-%281%E2%80%909%29 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tinxy | wifi_lock_controller_v1_rf_firmware | - | |
| tinxy | wifi_lock_controller_v1_rf | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tinxy:wifi_lock_controller_v1_rf_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F93E68C-3A99-42D0-BDF6-E958022BF80F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tinxy:wifi_lock_controller_v1_rf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D010B68A-D247-451F-91DB-B6FD85205BE8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tinxy WiFi Lock Controller v1 RF transmite informaci\u00f3n confidencial en texto sin formato, incluida informaci\u00f3n de control y credenciales del dispositivo, lo que permite a los atacantes interceptar y acceder a informaci\u00f3n confidencial a trav\u00e9s de un ataque de intermediario."
}
],
"id": "CVE-2025-44612",
"lastModified": "2025-07-22T14:29:40.907",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-05-30T03:15:20.110",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/ShravanSinghRathore/Tinxy/wiki/1.-WiFi-Lock-Controller-v1-RF-%281%E2%80%909%29"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-30 03:15
Modified
2025-07-22 14:29
Severity ?
Summary
Tinxy WiFi Lock Controller v1 RF was discovered to store users' sensitive information, including credentials and mobile phone numbers, in plaintext.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/ShravanSinghRathore/Tinxy/wiki/1.-WiFi-Lock-Controller-v1-RF-%281%E2%80%909%29 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tinxy | wifi_lock_controller_v1_rf_firmware | - | |
| tinxy | wifi_lock_controller_v1_rf | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tinxy:wifi_lock_controller_v1_rf_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F93E68C-3A99-42D0-BDF6-E958022BF80F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tinxy:wifi_lock_controller_v1_rf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D010B68A-D247-451F-91DB-B6FD85205BE8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tinxy WiFi Lock Controller v1 RF was discovered to store users\u0027 sensitive information, including credentials and mobile phone numbers, in plaintext."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tinxy WiFi Lock Controller v1 RF almacena informaci\u00f3n confidencial de los usuarios, incluidas credenciales y n\u00fameros de tel\u00e9fono m\u00f3vil, en texto sin formato."
}
],
"id": "CVE-2025-44614",
"lastModified": "2025-07-22T14:29:32.937",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-05-30T03:15:20.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/ShravanSinghRathore/Tinxy/wiki/1.-WiFi-Lock-Controller-v1-RF-%281%E2%80%909%29"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2025-44619 (GCVE-0-2025-44619)
Vulnerability from cvelistv5
Published
2025-05-30 00:00
Modified
2025-05-30 22:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.
References
| ▼ | URL | Tags |
|---|---|---|
| http://wifi.com | ||
| http://tinxy.com |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-44619",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T14:41:33.447837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T22:02:07.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T02:13:13.100Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://wifi.com"
},
{
"url": "http://tinxy.com"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-44619",
"datePublished": "2025-05-30T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-05-30T22:02:07.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-44614 (GCVE-0-2025-44614)
Vulnerability from cvelistv5
Published
2025-05-30 00:00
Modified
2025-05-30 22:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Tinxy WiFi Lock Controller v1 RF was discovered to store users' sensitive information, including credentials and mobile phone numbers, in plaintext.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-44614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T14:41:43.684000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T22:02:12.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tinxy WiFi Lock Controller v1 RF was discovered to store users\u0027 sensitive information, including credentials and mobile phone numbers, in plaintext."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T02:13:12.547Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ShravanSinghRathore/Tinxy/wiki/1.-WiFi-Lock-Controller-v1-RF-%281%E2%80%909%29"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-44614",
"datePublished": "2025-05-30T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-05-30T22:02:12.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-44612 (GCVE-0-2025-44612)
Vulnerability from cvelistv5
Published
2025-05-30 00:00
Modified
2025-05-30 22:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-44612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T14:41:53.690979Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T22:02:19.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T02:13:11.499Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ShravanSinghRathore/Tinxy/wiki/1.-WiFi-Lock-Controller-v1-RF-%281%E2%80%909%29"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-44612",
"datePublished": "2025-05-30T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-05-30T22:02:19.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}