CVE-2025-9146 HIGH

CVE-2025-9146: Linksys E5600 Firmware checkFw.sh verify_gemtek_header risky encryption

Vendor Linksys
Product E5600
Weakness CWE-327 · Broken crypto
Published August 19, 2025
Last update August 19, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verify_gemtek_header of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

August 19, 2025 CVE published
August 19, 2025 Record updated