CVE-2025-12940

Low CVSS: 0.5

Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610
and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6
Access Points). An user having access to the syslog server can read the logs containing these credentials.

This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4.

Devices
managed with Insight get automatic updates. If not, please check the firmware version
and update to the latest.

Fixed in:

WAX610 firmware
11.8.0.10 or later.

WAX610Y firmware
11.8.0.10 or later.

Vendor

Netgear

Product

Wax610y Firmware

CWE

CWE-532

Yayın Tarihi

2025-11-11 17:15:39

Güncelleme

2025-12-08 14:24:51

Source Identifier

a2826606-91e7-4eb6-899e-8484bd4575d5

KEV Date Added

Kategoriler

CWE-532 Wax610y Firmware LOW Netgear 2025

Referanslar

https://kb.netgear.com/000070355/NETGEAR-Security-Advisories-November-2025 https://www.netgear.com/support/product/wax610 https://www.netgear.com/support/product/wax610y

Benzer Kayıtlar

High

CVE-2022-40620

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS ce…

High

CVE-2022-40619

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the L…

Medium

CVE-2026-0408

A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the…

Low

CVE-2026-0403

An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN t…

Medium

CVE-2026-0404

An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent at…

Medium

CVE-2026-0405

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access th…