CVE-2025-12940
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-12-08
Assigner: Netgear, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netgear | wax610y_firmware | to 11.8.0.10 (exc) |
| netgear | wax610y | * |
| netgear | wax610_firmware | to 11.8.0.10 (exc) |
| netgear | wax610 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs because login credentials are inadvertently recorded in the system logs when a Syslog Server is configured on NETGEAR WAX610 and WAX610Y devices. Anyone with access to the syslog server can read these logs and obtain the credentials. [2]
How can this vulnerability impact me?
If an attacker or unauthorized user gains access to the syslog server, they can read the logs containing login credentials, potentially leading to unauthorized access to the device or network. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your NETGEAR WAX610 or WAX610Y devices are configured to send logs to a syslog server and then inspecting those logs for inadvertent recording of login credentials. You can verify the firmware version on your devices to see if it is before 10.8.11.4, which is vulnerable. Specific commands are not provided in the resources. [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately enable automatic firmware updates on your NETGEAR WAX610 or WAX610Y devices if not already enabled, and update the firmware to version 11.8.0.10 or later. [2]