PT-2025-46351 · NetGear · Netgear Wax610Y+1
Filiperfonseca
·
Published
2025-11-11
·
Updated
2025-12-08
·
CVE-2025-12940
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
NETGEAR WAX610 versions prior to 11.8.0.10
NETGEAR WAX610Y versions prior to 11.8.0.10
Description
A configuration issue can lead to login credentials being inadvertently recorded in logs when a Syslog Server is configured. An attacker with access to the syslog server can then read these logs and obtain the credentials.
Recommendations
Update WAX610 to firmware version 11.8.0.10 or later.
Update WAX610Y to firmware version 11.8.0.10 or later.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netgear Wax610
Netgear Wax610Y