Description

Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). An user having access to the syslog server can read the logs containing these credentials.  This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4. Devices managed with Insight get automatic updates. If not, please check the firmware version and update to the latest. Fixed in: WAX610 firmware 11.8.0.10 or later. WAX610Y firmware 11.8.0.10 or later.

INFO

Published Date :

2025-11-11T16:17:25.837Z

Last Modified :

2025-11-14T17:41:18.640Z

Source :

NETGEAR
AFFECTED PRODUCTS

The following products are affected by CVE-2025-12940 vulnerability.

Vendors Products
Netgear
  • Wax610
  • Wax610 Firmware
  • Wax610y
  • Wax610y Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-12940.

URL Resource
https://kb.netgear.com/000070355/NETGEAR-Security-Advisories-November-2025 cve-icon cve-icon
https://www.netgear.com/support/product/wax610 cve-icon cve-icon
https://www.netgear.com/support/product/wax610y cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact