CVE-2025-60550: n/a
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone.
AI Analysis
Technical Summary
CVE-2025-60550 is a buffer overflow vulnerability identified in the D-Link DIR600L Ax router firmware version FW116WWb01. The issue arises from improper handling of the curTime parameter within the formEasySetTimezone function, which fails to properly validate input size, leading to a stack-based buffer overflow (CWE-121). This vulnerability can be triggered remotely without authentication or user interaction, as the affected function is accessible via the router's network interface. Exploiting this flaw allows an attacker to cause a denial of service (DoS) by crashing or destabilizing the device, impacting its availability. The CVSS v3.1 base score is 7.5, reflecting a high severity due to network attack vector, low attack complexity, no privileges required, and no user interaction needed. However, the vulnerability does not compromise confidentiality or integrity, limiting the impact to availability. No public exploits or patches are currently available, indicating that the vulnerability is newly disclosed and unmitigated. The affected firmware version is specific, but the lack of detailed affected versions suggests potential broader impact if similar code is used in other firmware variants. The vulnerability underscores the risks in embedded device software where input validation is insufficient, and remote management interfaces are exposed.
Potential Impact
For European organizations, this vulnerability poses a significant risk to network availability, especially for small and medium enterprises or home office environments relying on D-Link DIR600L Ax routers. A successful exploit can cause router crashes, resulting in loss of internet connectivity and disruption of business operations dependent on continuous network access. Critical infrastructure or services using these devices as part of their network perimeter could experience outages, impacting operational continuity. Although the vulnerability does not allow data theft or manipulation, the denial of service can indirectly affect confidentiality and integrity by interrupting security monitoring or patch management processes. The absence of known exploits reduces immediate risk, but the high severity score and ease of exploitation warrant proactive mitigation. European organizations with remote management enabled on these routers are particularly vulnerable, as attackers can exploit the flaw over the internet without authentication. The impact is magnified in countries or sectors with widespread use of this router model or where alternative network equipment is limited.
Mitigation Recommendations
Organizations should immediately audit their network infrastructure to identify the presence of D-Link DIR600L Ax routers running firmware FW116WWb01 or similar versions. Until an official patch is released, it is critical to restrict access to the router's management interfaces by disabling remote management features and applying network segmentation to isolate vulnerable devices from untrusted networks. Employ firewall rules to block external traffic targeting the router's administrative ports. Monitor network traffic for unusual activity that could indicate exploitation attempts. Engage with D-Link support channels to obtain information on forthcoming patches or firmware updates addressing this vulnerability. Consider replacing affected devices with models that have received security updates if patching is delayed. Additionally, implement network-level denial of service protections and maintain regular backups of router configurations to enable rapid recovery. Educate users about the risks of exposing router management interfaces to the internet and enforce strong network security policies.
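One way to implement the traffic-monitoring step above, as an added example that is not part of the original advisory or any D-Link code: a check for an IDS or inspecting proxy that flags requests to the affected handler carrying an oversized curTime value. The 64-character threshold, the `/example/` path prefix and the sample requests are assumptions constructed for illustration; only the handler and parameter names come from the advisory.

```python
from urllib.parse import urlsplit, parse_qsl

HANDLER = "formEasySetTimezone"  # handler name, from the advisory
PARAM = "curTime"                # parameter name, from the advisory
MAX_CURTIME_LEN = 64             # assumed threshold; the advisory gives no buffer size


def curtime_values(raw_request: bytes) -> list[str]:
    """Return decoded curTime values (query string and form body) if the
    request targets the affected handler, else an empty list."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) < 2:
        return []  # not a parseable HTTP request line
    target = urlsplit(parts[1])
    if HANDLER not in target.path:
        return []
    pairs = parse_qsl(target.query, keep_blank_values=True)
    pairs += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    return [value for key, value in pairs if key == PARAM]


def is_suspicious(raw_request: bytes) -> bool:
    """Flag requests whose curTime value is longer than any plausible time string."""
    return any(len(v) > MAX_CURTIME_LEN for v in curtime_values(raw_request))


# Constructed sample requests (not captured traffic); path prefix is a placeholder.
_HDR = (b"POST /example/formEasySetTimezone HTTP/1.1\r\n"
        b"Host: 192.0.2.1\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n\r\n")
BENIGN = _HDR + b"curTime=2025-10-24T16%3A08%3A21"
OVERSIZED = _HDR + b"curTime=" + b"0" * 300
OTHER_PAGE = b"GET /index.html?curTime=" + b"0" * 300 + b" HTTP/1.1\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("oversized", OVERSIZED), ("other", OTHER_PAGE)]:
        print(name, is_suspicious(req))
```

Tune MAX_CURTIME_LEN against the longest value the router's own web interface sends before alerting on it.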
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68fba47553dd06bf2048570e
Added to database: 10/24/2025, 4:08:21 PM
Last enriched: 10/31/2025, 4:35:38 PM
Last updated: 12/8/2025, 3:08:17 AM