CVE-2025-2189

Cleartext Storage of Sensitive Information (CWE-312)
2025-03-11 [email protected]
Information Disclosure

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 19:52 vuln.today
CVE Published
Mar 11, 2025 - 12:15 nvd
N/A

DescriptionNVD

This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device.

AnalysisAI

This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware.

Technical ContextAI

Classified as CWE-312 (Cleartext Storage of Sensitive Information). This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device.

Affected ProductsAI

This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2025-2189 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy