CVE-2025-60549 is a buffer overflow vulnerability identified in the D-Link DIR600L Ax router firmware version FW116WWb01. The flaw exists in the function formAutoDetecWAN_wizard4, where the curTime parameter is improperly handled, allowing an attacker to overflow the buffer. Buffer overflow vulnerabilities can lead to arbitrary code execution or denial of service conditions if exploited successfully. The vulnerability is triggered by sending a specially crafted request to the affected function, potentially remotely if the router's management interface is exposed. No specific affected firmware versions beyond FW116WWb01 are detailed, and no patches or public exploits are currently available. The vulnerability was reserved on 2025-09-26 and published on 2025-10-24, indicating recent discovery. The absence of a CVSS score suggests that the vulnerability has not yet been fully assessed for impact or exploitability. However, buffer overflows in network devices are typically critical due to their potential to compromise device integrity and network security. The lack of authentication requirement is not explicitly stated but is inferred given the nature of WAN auto-detection functions, which often operate without user credentials. This vulnerability poses a risk to the confidentiality, integrity, and availability of affected devices and the networks they serve.

For European organizations, exploitation of this vulnerability could lead to unauthorized remote code execution on D-Link DIR600L Ax routers, resulting in network disruption, interception or manipulation of network traffic, and potential lateral movement within internal networks. The vulnerability could undermine the availability of critical network infrastructure, impacting business continuity. Confidentiality may be compromised if attackers gain control over the router and intercept sensitive communications. Integrity risks arise if attackers alter router configurations or inject malicious payloads. Small and medium enterprises, as well as home office environments using this router model, are particularly vulnerable due to typically weaker network segmentation and security controls. The absence of known exploits in the wild currently limits immediate risk, but the potential for future exploitation remains high. The impact is exacerbated in environments where firmware updates are infrequent or where network management interfaces are exposed to untrusted networks.

1. Immediately inventory and identify all D-Link DIR600L Ax routers within the organization to assess exposure. 2. Restrict access to router management interfaces by implementing network segmentation and firewall rules that limit access to trusted IP addresses only. 3. Disable remote management features if not required to reduce attack surface. 4. Monitor network traffic for unusual activity targeting the curTime parameter or the WAN auto-detection functionality. 5. Engage with D-Link support channels to obtain information on forthcoming patches or firmware updates addressing this vulnerability. 6. Apply any available firmware updates promptly once released. 7. Consider deploying network intrusion detection/prevention systems (IDS/IPS) with signatures tuned to detect exploitation attempts targeting this vulnerability. 8. Educate IT staff on the risks and signs of exploitation related to this vulnerability. 9. For critical environments, consider temporary replacement of affected devices with alternative hardware until a patch is available. 10. Maintain robust backup and recovery procedures to mitigate potential damage from exploitation.