← Zuruck zu CVEs
CVE-2025-12940
MEDIUM5.5
Beschreibung
Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). An user having access to the syslog server can read the logs containing these credentials. This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4. Devices managed with Insight get automatic updates. If not, please check the firmware version and update to the latest. Fixed in: WAX610 firmware 11.8.0.10 or later. WAX610Y firmware 11.8.0.10 or later.
CVE Details
CVSS v3.1 Bewertung5.5
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht11/11/2025
Zuletzt geandert12/8/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
netgear:wax610netgear:wax610_firmwarenetgear:wax610ynetgear:wax610y_firmware
Schwachen (CWE)
CWE-532
Referenzen
https://kb.netgear.com/000070355/NETGEAR-Security-Advisories-November-2025(a2826606-91e7-4eb6-899e-8484bd4575d5)
https://www.netgear.com/support/product/wax610(a2826606-91e7-4eb6-899e-8484bd4575d5)
https://www.netgear.com/support/product/wax610y(a2826606-91e7-4eb6-899e-8484bd4575d5)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.