CVE-2025-60549 is a buffer overflow vulnerability identified in the D-Link DIR600L Ax router firmware version FW116WWb01. The vulnerability exists in the function formAutoDetecWAN_wizard4, specifically through improper handling of the curTime parameter. This parameter is susceptible to a buffer overflow condition, classified under CWE-121 (Stack-based Buffer Overflow). The vulnerability can be exploited remotely over the network without requiring any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). Successful exploitation leads to a denial of service (DoS) by crashing or destabilizing the device, impacting its availability. The CVSS base score is 7.5, reflecting a high severity level primarily due to the ease of exploitation and the significant impact on availability. There is no indication that confidentiality or integrity are compromised. No patches or firmware updates have been published at the time of disclosure, and no active exploits have been observed in the wild. The vulnerability affects a widely deployed consumer and small office/home office (SOHO) router model, which is commonly used in various regions including Europe. The lack of authentication and user interaction requirements makes this vulnerability particularly dangerous, as attackers can remotely disrupt network connectivity by exploiting this flaw.

For European organizations, the primary impact of CVE-2025-60549 is the potential disruption of network availability due to denial of service on affected D-Link DIR600L Ax routers. This can lead to loss of internet connectivity, interruption of business operations, and potential cascading effects on dependent services and applications. Organizations relying on these routers for critical network functions, especially in small and medium enterprises or branch offices, may experience operational downtime. Although the vulnerability does not directly compromise confidentiality or integrity, the availability impact can indirectly affect business continuity and productivity. Additionally, the disruption could be leveraged as part of a larger attack strategy, such as a distraction or to facilitate lateral movement within a network. European ISPs or managed service providers that deploy these routers to customers could also face increased support costs and reputational damage if exploited. The absence of known exploits in the wild currently reduces immediate risk, but the ease of exploitation and lack of patches necessitate proactive measures.

1. Immediately restrict WAN-side access to the router’s management interfaces to prevent remote exploitation. 2. Implement network-level protections such as firewalls and intrusion prevention systems (IPS) to detect and block malformed packets targeting the curTime parameter or the vulnerable function. 3. Monitor vendor communications closely for firmware updates or patches addressing this vulnerability and apply them promptly upon release. 4. For critical environments, consider replacing affected devices with models not impacted by this vulnerability until a patch is available. 5. Employ network segmentation to isolate vulnerable routers from critical infrastructure to minimize impact in case of exploitation. 6. Conduct regular network traffic analysis to identify unusual patterns that may indicate exploitation attempts. 7. Educate IT staff about this vulnerability and ensure incident response plans include steps for handling potential denial of service incidents related to this flaw.