CVE-2025-60547 is a buffer overflow vulnerability identified in the D-Link DIR600L Ax router firmware version FW116WWb01. The vulnerability arises from improper handling of the curTime parameter within the formSetWAN_Wizard7 function, which is likely part of the router's WAN setup wizard interface. Buffer overflows occur when input data exceeds the allocated memory buffer, potentially overwriting adjacent memory and causing unpredictable behavior. In this case, the flaw allows an unauthenticated remote attacker to send specially crafted requests to the router's WAN-facing interface, triggering the overflow. The CVSS 3.1 base score of 7.5 reflects a high severity due to the vulnerability's network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact is limited to availability (A:H), meaning the attacker can cause denial of service, such as crashing or rebooting the device, but cannot directly compromise confidentiality or integrity. No known exploits have been reported in the wild, and no official patches or mitigations have been released at the time of publication. The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow), a common and critical software weakness. The absence of affected version details suggests the issue may be specific to the FW116WWb01 firmware or a subset of devices running it. This vulnerability poses a risk to network stability and availability, especially in environments relying on this router model for internet connectivity.

For European organizations, the primary impact of CVE-2025-60547 is on network availability. The affected D-Link DIR600L Ax routers are typically deployed in small office/home office (SOHO) environments, which are common in SMEs and remote work setups across Europe. A successful exploit could cause router crashes or reboots, leading to temporary loss of internet connectivity and disruption of business operations. While the vulnerability does not compromise data confidentiality or integrity directly, the resulting denial of service could hinder critical communications, remote access, and cloud service usage. Organizations with limited IT support or lacking redundant internet connections are particularly vulnerable. Additionally, the exploitation of such vulnerabilities could be leveraged as part of larger attacks, such as network reconnaissance or lateral movement, if combined with other weaknesses. The lack of authentication and user interaction requirements increases the risk of automated exploitation attempts from the internet. Given the widespread use of D-Link routers in European households and small businesses, the potential scope of impact is significant, especially in countries with high D-Link market share.

1. Immediately restrict WAN-side access to the router's management interfaces by implementing firewall rules or disabling remote management features to prevent unauthorized external access. 2. Segment the network to isolate the router management interface from general user traffic and untrusted networks. 3. Monitor network traffic for unusual or malformed requests targeting the WAN setup wizard endpoints, which may indicate exploitation attempts. 4. Deploy network intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to detect buffer overflow attempts against D-Link routers. 5. Encourage users and administrators to upgrade firmware promptly once an official patch is released by D-Link; meanwhile, consider temporary replacement of vulnerable devices if feasible. 6. For organizations relying on these routers, implement redundant internet connections or failover mechanisms to maintain connectivity during potential outages. 7. Educate IT staff and users about the risks of exposing router management interfaces to the internet and enforce strong network security policies. 8. Engage with D-Link support channels to obtain status updates on patch availability and coordinate vulnerability disclosure responses.