CVE-2025-2189
Description
This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-2189? +
How do I check if I'm vulnerable to CVE-2025-2189? +
Related Vulnerabilities
This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker …
The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows …
next-forge is a Next.js project boilerplate for modern web application. The BASEHUB_TOKEN commited in apps/web/.env.example. Users should avoid use of …
PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are …
Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local …
This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text …