← Voltar para CVEs
CVE-2025-12940
MEDIUM5.5
Descricao
Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). An user having access to the syslog server can read the logs containing these credentials. This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4. Devices managed with Insight get automatic updates. If not, please check the firmware version and update to the latest. Fixed in: WAX610 firmware 11.8.0.10 or later. WAX610Y firmware 11.8.0.10 or later.
Detalhes CVE
Pontuacao CVSS v3.15.5
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado11/11/2025
Ultima modificacao12/8/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
netgear:wax610netgear:wax610_firmwarenetgear:wax610ynetgear:wax610y_firmware
Fraquezas (CWE)
CWE-532
Referencias
https://kb.netgear.com/000070355/NETGEAR-Security-Advisories-November-2025(a2826606-91e7-4eb6-899e-8484bd4575d5)
https://www.netgear.com/support/product/wax610(a2826606-91e7-4eb6-899e-8484bd4575d5)
https://www.netgear.com/support/product/wax610y(a2826606-91e7-4eb6-899e-8484bd4575d5)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.