← Retour aux CVEs
CVE-2025-12940
MEDIUM5.5
Description
Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). An user having access to the syslog server can read the logs containing these credentials. This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4. Devices managed with Insight get automatic updates. If not, please check the firmware version and update to the latest. Fixed in: WAX610 firmware 11.8.0.10 or later. WAX610Y firmware 11.8.0.10 or later.
Details CVE
Score CVSS v3.15.5
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie11/11/2025
Derniere modification12/8/2025
Sourcenvd
Observations honeypot0
Produits affectes
netgear:wax610netgear:wax610_firmwarenetgear:wax610ynetgear:wax610y_firmware
Faiblesses (CWE)
CWE-532
References
https://kb.netgear.com/000070355/NETGEAR-Security-Advisories-November-2025(a2826606-91e7-4eb6-899e-8484bd4575d5)
https://www.netgear.com/support/product/wax610(a2826606-91e7-4eb6-899e-8484bd4575d5)
https://www.netgear.com/support/product/wax610y(a2826606-91e7-4eb6-899e-8484bd4575d5)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.