CVE-2025-12940
BaseFortify

Publication date: 2025-11-11

Last updated on: 2025-12-08

Assigner: Netgear, Inc.

Description
Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). A user having access to the syslog server can read the logs containing these credentials. This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4. Devices managed with Insight get automatic updates. If not, please check the firmware version and update to the latest. Fixed in: WAX610 firmware 11.8.0.10 or later. WAX610Y firmware 11.8.0.10 or later.
Meta Information
Published: 2025-11-11
Last Modified: 2025-12-08
Generated: 2026-06-16
AI Q&A: 2025-11-11
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 4 associated CPEs
Vendor | Product | Version / Range
netgear | wax610y_firmware | to 11.8.0.10 (exc)
netgear | wax610y | *
netgear | wax610_firmware | to 11.8.0.10 (exc)
netgear | wax610 | *
CWE ID | Description
CWE-532 | The product writes sensitive information to a log file.
Executive Summary

This vulnerability occurs because login credentials are inadvertently recorded in the system logs when a Syslog Server is configured on NETGEAR WAX610 and WAX610Y devices. Anyone with access to the syslog server can read these logs and obtain the credentials. [2]

Impact Analysis

If an attacker or unauthorized user gains access to the syslog server, they can read the logs containing login credentials, potentially leading to unauthorized access to the device or network. [2]

Detection Guidance

This vulnerability can be detected by checking whether your NETGEAR WAX610 or WAX610Y devices are configured to send logs to a syslog server, then inspecting those logs for recorded login credentials. Also check the firmware version on each device: versions before 10.8.11.4 are vulnerable. Specific commands are not provided in the resources. [2]

Mitigation Strategies

To mitigate this vulnerability, immediately enable automatic firmware updates on your NETGEAR WAX610 or WAX610Y devices if not already enabled, and update the firmware to version 11.8.0.10 or later. [2]
