
CVE-2025-60332: n/a

Severity: High
Tags: Vulnerability, CVE-2025-60332, cve, cve-2025-60332
Published: Wed Oct 22 2025 (10/22/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

A NULL pointer dereference in the SetWLanRadioSettings function of D-Link DIR-823G A1 v1.0.2B05 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

AI-Powered Analysis

Last updated: 10/29/2025, 15:11:31 UTC

Technical Analysis

CVE-2025-60332 is a vulnerability in the D-Link DIR-823G A1 router, firmware version 1.0.2B05. The flaw is a NULL pointer dereference in the SetWLanRadioSettings function, which is part of the router's web management interface. An attacker can trigger it by sending a specially crafted HTTP request to the device. No authentication or user interaction is required, so the flaw is remotely exploitable over the network. The dereference causes a denial of service: the router crashes or reboots, disrupting network connectivity.

The vulnerability is classified as CWE-476 (NULL Pointer Dereference), indicating improper handling of null pointers in code. The CVSS v3.1 base score is 7.5 (high severity), reflecting a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and an impact limited to availability (A:H), with no effect on confidentiality or integrity. No patches or firmware updates have been published yet, and there are no known exploits in the wild. Attackers could use this vulnerability to cause widespread denial of service in networks relying on this router model, especially where these devices serve as critical network gateways or wireless access points.

Potential Impact

For European organizations, the primary impact of CVE-2025-60332 is the potential disruption of network services due to router crashes or reboots. This can lead to loss of internet connectivity, interruption of business operations, and degraded productivity. Organizations relying on the D-Link DIR-823G A1 as part of their network infrastructure, including small and medium enterprises or branch offices, may experience outages affecting internal communications and access to cloud services. Critical sectors such as healthcare, finance, and government could face operational risks if these devices are deployed in sensitive environments. Additionally, denial of service conditions could be exploited as part of larger multi-vector attacks or to facilitate lateral movement by distracting security teams. The lack of authentication and user interaction requirements increases the risk of automated exploitation attempts from remote attackers. Although no known exploits exist yet, the vulnerability's characteristics make it a plausible target for attackers seeking to disrupt network availability.

Mitigation Recommendations

Immediate mitigation should focus on network-level controls to limit exposure of the router's management interface to untrusted networks, including the internet. Organizations should implement firewall rules to restrict HTTP access to trusted IP addresses and segment the network to isolate critical devices. Monitoring network traffic for unusual HTTP requests targeting the SetWLanRadioSettings function, or for abnormal router behavior, can provide early warning signs. Since no official patches are available, organizations should engage with D-Link support to obtain firmware updates or advisories. Where possible, replacing affected devices with models that have received security updates or are not vulnerable is advisable. Additionally, maintaining an up-to-date inventory of network devices and their firmware versions will aid in rapid identification and response. Employing intrusion detection/prevention systems (IDS/IPS) with signatures for this vulnerability, once available, can further reduce risk. Finally, educating IT staff about this vulnerability and ensuring incident response plans include scenarios involving router DoS attacks will improve organizational resilience.
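The monitoring step above, sketched as an added example (not part of the original advisory and not D-Link tooling): it flags logged requests that name SetWLanRadioSettings from outside a trusted management subnet and records whether a router boot event followed shortly after. The log format, the subnet, the correlation window and the sample lines are all constructed assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta

ACTION = "setwlanradiosettings"                      # function named in the CVE description
TRUSTED = [ipaddress.ip_network("192.168.0.0/28")]   # assumed management subnet
REBOOT_WINDOW = timedelta(minutes=2)                 # assumed correlation window

# Constructed sample in a hypothetical "<ts> <src> <event> <detail>" log format.
SAMPLE_LOG = """\
2025-10-23T08:01:12Z 192.168.0.5 POST action=GetDeviceSettings
2025-10-23T08:02:40Z 192.168.0.5 POST action=SetWLanRadioSettings
2025-10-23T09:15:03Z 203.0.113.44 POST action=SetWLanRadioSettings
2025-10-23T09:15:41Z - BOOT router-cold-start
2025-10-23T12:00:09Z 203.0.113.44 POST action=setwlanradiosettings
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")

def parse(log_text):
    """Yield (timestamp, source, event, detail); skip lines that do not parse."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.strptime(m[1], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        yield ts, m[2], m[3], m[4]

def is_trusted(src):
    """An unparseable source address is treated as untrusted."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED)

def find_alerts(log_text):
    events = list(parse(log_text))
    boots = [ts for ts, _, ev, _ in events if ev == "BOOT"]
    alerts = []
    for ts, src, ev, detail in events:
        if ev == "BOOT" or ACTION not in detail.lower() or is_trusted(src):
            continue
        # A boot shortly after the request suggests the router crashed.
        rebooted = any(timedelta(0) <= b - ts <= REBOOT_WINDOW for b in boots)
        alerts.append({"time": ts.isoformat(), "src": src, "reboot_followed": rebooted})
    return alerts
```

Requests from the trusted subnet are ignored here; if administrators rarely change radio settings, alerting on those as well at a lower priority is a reasonable extension.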


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-09-26T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68f8f249a2d588d2bdd990e5

Added to database: 10/22/2025, 3:03:37 PM

Last enriched: 10/29/2025, 3:11:31 PM

Last updated: 12/5/2025, 2:49:09 PM
