← Volver a CVEs
CVE-2025-12940
MEDIUM5.5
Descripcion
Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). An user having access to the syslog server can read the logs containing these credentials. This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4. Devices managed with Insight get automatic updates. If not, please check the firmware version and update to the latest. Fixed in: WAX610 firmware 11.8.0.10 or later. WAX610Y firmware 11.8.0.10 or later.
Detalles CVE
Puntuacion CVSS v3.15.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado11/11/2025
Ultima modificacion12/8/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
netgear:wax610netgear:wax610_firmwarenetgear:wax610ynetgear:wax610y_firmware
Debilidades (CWE)
CWE-532
Referencias
https://kb.netgear.com/000070355/NETGEAR-Security-Advisories-November-2025(a2826606-91e7-4eb6-899e-8484bd4575d5)
https://www.netgear.com/support/product/wax610(a2826606-91e7-4eb6-899e-8484bd4575d5)
https://www.netgear.com/support/product/wax610y(a2826606-91e7-4eb6-899e-8484bd4575d5)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.