CVE-2025-12940

5.5 MEDIUM

📋 TL;DR

NETGEAR WAX610 and WAX610Y access points inadvertently record login credentials in syslog files when a syslog server is configured. This allows anyone with access to the syslog server to read plaintext credentials. The vulnerability affects devices running firmware versions before 10.8.11.4.

💻 Affected Systems

Products:
  • NETGEAR WAX610
  • NETGEAR WAX610Y
Versions: WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4
Operating Systems: Embedded firmware
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when a syslog server is configured. Devices managed with Insight get automatic updates.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to the access point, potentially compromising the entire wireless network, intercepting traffic, or using the device as a pivot point into the internal network.

🟠 Likely Case

Internal users with syslog access can harvest credentials, potentially escalating privileges or accessing other systems if credentials are reused.

🟢 If Mitigated

With proper access controls on syslog servers and credential rotation, impact is limited to credential exposure without actual compromise.

🌐 Internet-Facing: LOW - The vulnerability requires access to the syslog server, which is typically internal. Internet-facing syslog servers would be exceptionally rare.
🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts with syslog access can harvest credentials, but requires specific configuration (syslog server enabled).

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to syslog server logs. No authentication bypass needed once logs are accessible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: WAX610: 11.8.0.10 or later; WAX610Y: 11.8.0.10 or later

Vendor Advisory: https://kb.netgear.com/000070355/NETGEAR-Security-Advisories-November-2025

Restart Required: Yes

Instructions:

1. Log into the access point web interface.
2. Navigate to Administration > Firmware Update.
3. Check for updates or manually upload firmware version 11.8.0.10 or later.
4. Apply the update and allow the device to reboot.

🔧 Temporary Workarounds

Disable Syslog Server Configuration
Applies to: all

Remove or disable the syslog server configuration to prevent credential logging.

Restrict Syslog Server Access
Applies to: all

Implement strict access controls on the syslog server to limit who can read logs.

🧯 If You Can't Patch

  • Disable syslog server configuration immediately
  • Implement strict access controls and monitoring on syslog servers
  • Rotate all credentials that may have been logged

🔍 How to Verify

Check if Vulnerable:

Check whether a syslog server is configured in the access point settings and whether the firmware version is below 10.8.11.4.

Check Version:

Log into the web interface and check System Information > Firmware Version.

Verify Fix Applied:

Verify that the firmware version is 11.8.0.10 or later and that syslog entries no longer contain plaintext credentials.

📡 Detection & Monitoring

Log Indicators:

  • Plaintext credentials in syslog entries from NETGEAR access points
  • Login attempts with credentials visible in logs

Network Indicators:

  • Unauthorized access attempts to syslog servers
  • Unusual authentication patterns from access point IPs

SIEM Query:

source="syslog_server" AND ("password" OR "passwd" OR "credential") AND ("WAX610" OR "WAX610Y")
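The SIEM query above matches on keywords anywhere in a line, so it also fires on unrelated entries such as an SSH "Accepted password for" message. The following script is an added example (not part of this advisory and not NETGEAR code) of the same detection logic done more narrowly: it parses RFC 3164 style syslog lines, restricts the match to entries whose hostname contains WAX610 or WAX610Y, flags lines carrying the advisory's credential keywords, and redacts any key=value secret before the finding is written out so the triage report does not re-leak the credential. The hostnames, message formats and log lines are constructed sample data and are assumptions about how such entries might look, not real captures.

```python
import re
from dataclasses import dataclass

# Constructed sample syslog lines (RFC 3164 style). Hostnames, tags and message
# formats are assumptions for illustration, not NETGEAR's actual log format.
SAMPLE_SYSLOG = """\
<134>Nov 12 09:14:02 WAX610-Lobby httpd: login user=admin password=S3cr3tPass!
<134>Nov 12 09:14:05 WAX610Y-Roof httpd: auth ok user=admin
<134>Nov 12 09:15:11 WAX610-Lobby hostapd: STA aa:bb:cc:dd:ee:ff associated
<134>Nov 12 09:16:40 core-switch sshd: Accepted password for ops from 10.0.0.5
<134>Nov 12 09:17:03 WAX610Y-Roof cli: credential update passwd=Winter2025
"""

# Affected product names from the advisory, matched against the hostname field only.
DEVICE_RE = re.compile(r"\bWAX610Y?\b", re.IGNORECASE)
# Credential keywords from the advisory's SIEM query.
KEYWORD_RE = re.compile(r"\b(password|passwd|credential)\b", re.IGNORECASE)
# key=value pairs whose key looks like a secret; the value is redacted on output.
SECRET_KV_RE = re.compile(r"\b(password|passwd|pass|secret|credential)=(\S+)", re.IGNORECASE)

# <PRI>Mon DD HH:MM:SS HOST TAG: MSG  -> capture HOST
HEADER_RE = re.compile(r"^<\d+>\w{3}\s+\d+\s+[\d:]+\s+(\S+)\s+")


@dataclass
class Finding:
    line_no: int
    host: str
    redacted: str  # the offending line with secret values masked


def parse_host(line: str) -> str:
    """Return the hostname field of an RFC 3164 style line, or '' if unparseable."""
    m = HEADER_RE.match(line)
    return m.group(1) if m else ""


def redact(line: str) -> str:
    """Mask the value of any secret-looking key=value pair so reports stay safe."""
    return SECRET_KV_RE.sub(lambda m: f"{m.group(1)}=<REDACTED>", line)


def scan(text: str) -> list[Finding]:
    """Flag lines from WAX610/WAX610Y hosts that contain credential keywords."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        host = parse_host(line)
        if not DEVICE_RE.search(host):
            continue  # other devices (e.g. the switch's sshd line) are out of scope
        if KEYWORD_RE.search(line):
            findings.append(Finding(line_no, host, redact(line)))
    return findings


def affected_hosts(findings: list[Finding]) -> set[str]:
    """Hosts whose logged credentials should be rotated after the fix is applied."""
    return {f.host for f in findings}


if __name__ == "__main__":
    for f in scan(SAMPLE_SYSLOG):
        print(f"line {f.line_no} host={f.host}: {f.redacted}")
    print("rotate credentials on:", sorted(affected_hosts(scan(SAMPLE_SYSLOG))))
```

On the sample data, only lines 1 and 5 are reported: the switch's "Accepted password" entry is filtered out by the hostname check, and the reported lines show `password=<REDACTED>` rather than the value. The same `scan` function can be run over the syslog archive after upgrading to confirm that new entries from the access points no longer carry plaintext credentials, and `affected_hosts` gives the list of devices whose credentials should be rotated.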

🔗 References
