Vulnerability Details CVE-2025-12940
Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610
and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6
Access Points). An user having access to the syslog server can read the logs containing these credentials.
This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4.
Devices
managed with Insight get automatic updates. If not, please check the firmware version
and update to the latest.
Fixed in:
WAX610 firmware
11.8.0.10 or later.
WAX610Y firmware
11.8.0.10 or later.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.9%
CVSS Severity
CVSS v3 Score 5.5
References
Products affected by CVE-2025-12940
-
cpe:2.3:h:netgear:wax610:-
-
cpe:2.3:h:netgear:wax610y:-
-
cpe:2.3:o:netgear:wax610_firmware:*
-
cpe:2.3:o:netgear:wax610y_firmware:*