CVE-2025-12940: CWE-532 Insertion of Sensitive Information into Log File in NETGEAR WAX610
Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). A user with access to the syslog server can read the logs containing these credentials. This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4. Devices managed with Insight get automatic updates. If not, please check the firmware version and update to the latest. Fixed in: WAX610 firmware 11.8.0.10 or later. WAX610Y firmware 11.8.0.10 or later.
AI Analysis
Technical Summary
CVE-2025-12940 is a security vulnerability classified under CWE-532, which involves the insertion of sensitive information into log files. Specifically, in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points), login credentials are inadvertently recorded in plaintext within syslog files when a Syslog server is configured. This means that any user with access to the syslog server can retrieve these credentials, potentially compromising network security. The vulnerability affects firmware versions before 10.8.11.4 for both WAX610 and WAX610Y models. NETGEAR Insight-managed devices receive automatic updates, but unmanaged devices require manual firmware checks and updates. The issue was addressed and fixed in firmware version 11.8.0.10 or later. The CVSS 4.0 score is 0.5, reflecting a low severity due to the local attack vector, no required privileges, no user interaction, and limited confidentiality, integrity, and availability impacts. Exploitation requires access to the syslog server, which typically implies some level of internal network access or prior compromise. No known exploits are currently in the wild. This vulnerability highlights the risk of sensitive data leakage through improper logging practices in network infrastructure devices.
Potential Impact
For European organizations, the primary impact is the potential exposure of administrative login credentials for NETGEAR WAX610 and WAX610Y access points. If an attacker gains access to the syslog server, they can extract these credentials and potentially gain unauthorized access to the wireless network infrastructure. This could lead to further lateral movement within the network, data exfiltration, or disruption of network services. The risk is heightened in environments where syslog servers are accessible by multiple users or insufficiently secured. Confidentiality is the most affected security property, with some potential indirect impacts on integrity and availability if attackers leverage the credentials to manipulate network configurations or disrupt services. The low CVSS score reflects the limited ease of exploitation and scope, but the impact on sensitive network infrastructure credentials means the threat should not be ignored. Organizations with critical operations relying on these access points could face operational risks if compromised.
Mitigation Recommendations
1. Immediately update all NETGEAR WAX610 and WAX610Y devices to firmware version 11.8.0.10 or later to eliminate the vulnerability.
2. Restrict access to the syslog server strictly to trusted administrators and monitor access logs for unusual activity.
3. If possible, disable logging of sensitive information or configure syslog to exclude credential data until devices are updated.
4. Employ network segmentation to isolate syslog servers from general user access and untrusted networks.
5. Regularly audit and review syslog contents for sensitive data leakage.
6. Use encrypted logging transport protocols (e.g., TLS for syslog) to protect log data in transit.
7. Implement strong authentication and access controls on management interfaces of the affected devices.
8. Educate network administrators about the risks of sensitive data in logs and the importance of timely patching.
9. Consider deploying intrusion detection systems to alert on unauthorized access attempts to syslog servers or network devices.
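For the log audit in recommendation 5, one way to check collected syslog data, given as an added example that is not NETGEAR's code or part of the original advisory: the script flags lines carrying credential-like key/value pairs and reports them per sending host with the value redacted. The field-name list, host names and sample lines are constructed assumptions, because the advisory does not publish the device's log format.

```python
import re
from collections import Counter

# Field names whose values must never reach a log. This list is an assumption
# for illustration; tune it against the logs your own collector receives.
SENSITIVE = r"(?:password|passwd|pwd|passphrase|secret|token|psk)"

# Matches key=value, key: value and JSON-style "key": "value" pairs.
CRED_RE = re.compile(
    r'(?i)(?P<key>["\']?\b\w*' + SENSITIVE + r'\w*["\']?)'
    r'(?P<sep>\s*[=:]\s*)'
    r'(?P<val>"[^"]*"|\'[^\']*\'|[^\s,;&]+)'
)
# RFC 3164 header: "Mmm dd hh:mm:ss host ..."
HOST_RE = re.compile(r"^\w{3}\s+\d{1,2}\s[\d:]{8}\s(\S+)\s")


def redact(line):
    """Replace every credential value in the line with a marker."""
    return CRED_RE.sub(lambda m: m["key"] + m["sep"] + "[REDACTED]", line)


def audit(lines):
    """Return (findings, hits per host); findings hold redacted text only."""
    findings, hosts = [], Counter()
    for number, line in enumerate(lines, 1):
        if not CRED_RE.search(line):
            continue
        header = HOST_RE.match(line)
        host = header.group(1) if header else "unknown"
        hosts[host] += 1
        findings.append((number, host, redact(line)))
    return findings, hosts


# Constructed sample lines, not the device's real log format.
SAMPLE = [
    "Nov 11 16:21:56 ap-lobby httpd[812]: login user=admin password=Example-Pass1",
    "Nov 11 16:22:03 ap-lobby hostapd: wlan0: STA associated",
    'Nov 11 16:25:40 ap-floor2 webui: {"user": "admin", "passwd": "Example Pass 2"}',
    "Nov 11 16:30:12 gw1 sshd[77]: Failed password for admin from 192.0.2.10",
]

if __name__ == "__main__":
    found, per_host = audit(SAMPLE)
    for number, host, text in found:
        print(f"line {number} [{host}]: {text}")
    print(dict(per_host))
```

Any host that appears in the per-host counts has sent a credential to the collector, so that credential should be rotated after the firmware update and the stored log lines purged or redacted.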
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: NETGEAR
- Date Reserved: 2025-11-10T07:33:11.224Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 691362a4f922b639ab5baf66
Added to database: 11/11/2025, 4:21:56 PM
Last enriched: 11/18/2025, 4:47:43 PM
Last updated: 11/22/2025, 1:56:07 AM