CVE-2025-60555 is a buffer overflow vulnerability identified in the D-Link DIR600L Ax router firmware version FW116WWb01. The issue resides in the formSetWizardSelectMode function, specifically through improper handling of the curTime parameter. This parameter can be manipulated to overflow a buffer, leading to memory corruption and ultimately causing the device to crash or reboot unexpectedly. The vulnerability is remotely exploitable without any authentication or user interaction, as the affected function is accessible via the router’s web management interface or potentially other exposed services. The CVSS v3.1 base score is 7.5, reflecting a high severity primarily due to the network attack vector, low attack complexity, and no privileges or user interaction required. The impact is limited to availability disruption (denial of service), with no direct confidentiality or integrity compromise. No patches or firmware updates have been published at the time of disclosure, and no active exploits have been reported in the wild. The underlying weakness corresponds to CWE-121 (Stack-based Buffer Overflow), a common and dangerous vulnerability type that can lead to crashes or potentially more severe exploitation if combined with other flaws. Organizations using this router model should be aware of the risk of service interruptions and potential exploitation attempts targeting this vulnerability.

For European organizations, the primary impact of CVE-2025-60555 is the potential for denial of service on affected D-Link DIR600L Ax routers. This can disrupt network connectivity, impacting business operations, especially for small and medium enterprises or branch offices relying on these consumer-grade routers for internet access or VPN connectivity. Critical infrastructure or public sector entities using these devices may experience outages affecting service availability. Although the vulnerability does not directly compromise data confidentiality or integrity, repeated or targeted exploitation could cause significant operational disruption. The lack of authentication requirement and ease of remote exploitation increase the risk of automated attacks or scanning campaigns. The absence of known exploits in the wild currently limits immediate risk, but the high CVSS score and public disclosure may attract attackers. Organizations should consider the potential for cascading effects if these routers serve as gateways to more sensitive internal networks.

1. Immediately restrict remote access to the router’s management interface by disabling WAN-side administration or applying strict firewall rules to limit access to trusted IP addresses only. 2. Monitor D-Link’s official channels for firmware updates addressing this vulnerability and apply patches promptly once available. 3. Where possible, replace affected D-Link DIR600L Ax routers with models from vendors with a stronger security track record or enterprise-grade devices that receive timely security updates. 4. Implement network segmentation to isolate vulnerable routers from critical internal systems, minimizing the impact of potential denial of service. 5. Deploy network intrusion detection systems (NIDS) to monitor for unusual traffic patterns or exploitation attempts targeting the curTime parameter or related router management endpoints. 6. Educate IT staff about this vulnerability and encourage proactive vulnerability scanning of network devices to identify affected hardware. 7. Maintain regular backups of router configurations to enable rapid recovery in case of device failure due to exploitation.