Security Flaw in Tinxy WiFi Lock Controller Affects User Authentication
CVE-2025-44612

5.9MEDIUM

Key Information:

Vendor

Tinxy

Status
WiFi Lock Controller v1 RF
Vendor
CVE Published:
30 May 2025

What is CVE-2025-44612?

A security vulnerability in the Tinxy WiFi Lock Controller v1 RF allows sensitive information, including control commands and device credentials, to be transmitted in plaintext. This flaw may enable attackers to intercept communications through a man-in-the-middle attack, potentially compromising user data and control over the device.

References

https://github.com/ShravanSinghRathore/Tinxy/wiki/1.-WiFi...

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.