Information Disclosure in NETGEAR WAX610 and WAX610Y Products
CVE-2025-12940

0.5LOW

Key Information:

Vendor: Netgear
Status: Wax610; Wax610y
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-12940?

NETGEAR WAX610 and WAX610Y access points inadvertently log user login credentials when configured with a Syslog Server. This configuration allows unauthorized users with access to the logs to view sensitive information, posing a significant risk. Users are encouraged to ensure their devices are running firmware version 11.8.0.10 or later to mitigate this vulnerability. Automatic firmware updates are available for devices managed with Insight, and manual updates should be performed for others.

Affected Version(s)

WAX610 0 < 10.8.11.4

WAX610Y 0 < 10.8.11.4

References

https://www.netgear.com/support/product/wax610

productpatch

https://www.netgear.com/support/product/wax610y

productpatch

https://kb.netgear.com/000070355/NETGEAR-Security-Advisor...

vendor-advisory

CVSS V4

Score:

0.5

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Nov 10, 2025

Credit

filiperfonseca

JSON