CVE-2025-12940

Nov. 12, 2025, 4:19 p.m.

0.5
Low

Description

Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). An user having access to the syslog server can read the logs containing these credentials.  This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4. Devices managed with Insight get automatic updates. If not, please check the firmware version and update to the latest. Fixed in: WAX610 firmware 11.8.0.10 or later. WAX610Y firmware 11.8.0.10 or later.

Product(s) Impacted

Vendor Product Versions
Netgear
  • Wax610
  • Wax610y
  • <10.8.11.4, 11.8.0.10
  • <10.8.11.4, 11.8.0.10

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-532
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a netgear wax610 <10.8.11.4 / / / / / / /
a netgear wax610 11.8.0.10 / / / / / / /
a netgear wax610y <10.8.11.4 / / / / / / /
a netgear wax610y 11.8.0.10 / / / / / / /

References

https://kb.netgear.com/000070355/NETGEAR-Security-Advisories-November-2025
https://www.netgear.com/support/product/wax610
https://www.netgear.com/support/product/wax610y

Tags

CWE-532
2025-11-11
CVE-2025-12940
a2826606-91e7-4eb6-899e-8484bd4575d5

CVSS Score

0.5 / 10

CVSS Data - 4.0

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Attack Requirements: PRESENT
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: LOW
  • Exploit Maturity: UNREPORTED

    • CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Amber

    View Vector String

Timeline

Published: Nov. 11, 2025, 5:15 p.m.
Last Modified: Nov. 12, 2025, 4:19 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

a2826606-91e7-4eb6-899e-8484bd4575d5

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.