CVE-2025-44612

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-44612
Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack.

5.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/ShravanSinghRathore/Tinxy/wiki/1.-WiFi-Lock-Controller-v1-RF-%281%E2%80%909%29 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tinxy:wifi_lock_controller_v1_rf_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tinxy:wifi_lock_controller_v1_rf:-:*:*:*:*:*:*:*
History

22 Jul 2025, 14:29

Type Values Removed Values Added
CPE cpe:2.3:o:tinxy:wifi_lock_controller_firmware:1:*:*:*:*:*:*:*
cpe:2.3:h:tinxy:wifi_lock_controller:-:*:*:*:*:*:*:*		 cpe:2.3:o:tinxy:wifi_lock_controller_v1_rf_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tinxy:wifi_lock_controller_v1_rf:-:*:*:*:*:*:*:*
First Time Tinxy wifi Lock Controller V1 Rf Firmware
Tinxy wifi Lock Controller V1 Rf

19 Jun 2025, 01:08

Type Values Removed Values Added
References () https://github.com/ShravanSinghRathore/Tinxy/wiki/1.-WiFi-Lock-Controller-v1-RF-%281%E2%80%909%29 - () https://github.com/ShravanSinghRathore/Tinxy/wiki/1.-WiFi-Lock-Controller-v1-RF-%281%E2%80%909%29 - Third Party Advisory
First Time Tinxy wifi Lock Controller Firmware
Tinxy wifi Lock Controller
Tinxy
CPE cpe:2.3:o:tinxy:wifi_lock_controller_firmware:1:*:*:*:*:*:*:*
cpe:2.3:h:tinxy:wifi_lock_controller:-:*:*:*:*:*:*:*

30 May 2025, 22:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.9
CWE CWE-319

30 May 2025, 16:31

Type Values Removed Values Added
Summary
  • (es) Se descubrió que Tinxy WiFi Lock Controller v1 RF transmite información confidencial en texto sin formato, incluida información de control y credenciales del dispositivo, lo que permite a los atacantes interceptar y acceder a información confidencial a través de un ataque de intermediario.

30 May 2025, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-30 03:15

Updated : 2025-07-22 14:29

NVD link : CVE-2025-44612

Mitre link : CVE-2025-44612

CVE.ORG link : CVE-2025-44612

JSON object : View

Products Affected

tinxy

  • wifi_lock_controller_v1_rf
  • wifi_lock_controller_v1_rf_firmware
CWE
CWE-319

Cleartext Transmission of Sensitive Information