CVE Catalog

CVE-2025-44619

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile - higher than 32% of all known CVEs

Summary

The Tinxy WiFi Lock Controller v1 RF was found configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.

Risk Assessment

Attackers can gain unauthorized network access, intercept traffic, or remotely manipulate the lock, posing risks to physical security and data integrity.

Recommendation

Reconfigure the controller to use a secured Wi-Fi network (e.g., WPA2/WPA3) and update the firmware to the latest version.

Original NVD description (English source)

Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS