CVE-2025-60547 identifies a buffer overflow vulnerability in the D-Link DIR600L Ax router firmware version FW116WWb01. The vulnerability resides in the formSetWAN_Wizard7 function, specifically triggered by the curTime parameter. Buffer overflows occur when input data exceeds the allocated memory buffer, potentially overwriting adjacent memory and allowing attackers to execute arbitrary code or crash the device. In this case, an attacker can send a specially crafted request to the router's WAN setup interface, exploiting the unchecked curTime parameter to trigger the overflow. This can lead to remote code execution or denial of service, compromising the router's integrity and availability. No CVSS score or patches are currently available, and no known exploits have been observed in the wild. The vulnerability was reserved in late September 2025 and published in October 2025. The router model affected is typically used in home or small office environments, making it a target for attackers seeking to pivot into internal networks or disrupt connectivity. The absence of authentication requirements or user interaction details is not explicitly stated, but given the nature of WAN setup functions, remote exploitation is plausible if the interface is exposed. The lack of patch links suggests that D-Link has not yet released a fix, increasing the urgency for mitigation. This vulnerability highlights the importance of secure firmware development and timely updates for network infrastructure devices.

For European organizations, exploitation of this vulnerability could result in unauthorized remote code execution on affected routers, leading to full compromise of the device. This could allow attackers to intercept, modify, or redirect network traffic, undermining confidentiality and integrity of communications. Additionally, a successful attack could cause denial of service by crashing the router, impacting availability of internet connectivity critical for business operations. Small businesses and home offices using the DIR600L Ax router are particularly at risk, as these devices often lack advanced security controls and may be exposed to the internet. The compromise of these routers could serve as a foothold for lateral movement into corporate networks or as a platform for launching further attacks. Given the widespread use of D-Link routers in Europe, the potential scale of impact is significant, especially in countries with high market penetration of this model. The absence of a patch and public exploits increases the window of exposure, necessitating immediate defensive measures to prevent exploitation.

1. Immediately restrict remote access to the router's management interface by disabling WAN-side administration or limiting it to trusted IP addresses. 2. Implement network segmentation to isolate routers from critical internal systems, reducing potential lateral movement. 3. Monitor network traffic for unusual requests targeting the WAN setup interface, especially those containing anomalous curTime parameter values. 4. Employ intrusion detection/prevention systems (IDS/IPS) with custom signatures to detect exploitation attempts targeting this vulnerability. 5. Encourage users and administrators to regularly check for firmware updates from D-Link and apply patches promptly once available. 6. Consider replacing vulnerable devices with models that receive regular security updates if patching is delayed. 7. Educate users about the risks of exposing router management interfaces to the internet and enforce strong authentication policies. 8. Maintain backups of router configurations to enable rapid recovery in case of compromise. These steps go beyond generic advice by focusing on access control, monitoring, and proactive device management specific to this vulnerability's characteristics.