CVE-2025-60556 identifies a buffer overflow vulnerability in the D-Link DIR600L Ax router firmware version FW116WWb01. The vulnerability is triggered via the curTime parameter within the formSetWizard1 function, which improperly handles input leading to a stack-based buffer overflow (CWE-121). This flaw allows a remote attacker to send crafted requests to the router's management interface and cause the device to crash or reboot, resulting in a denial of service (DoS) condition. The vulnerability does not require any authentication or user interaction, making it remotely exploitable over the network with low complexity. The CVSS 3.1 base score is 7.5, reflecting a high severity primarily due to the network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact is limited to availability (A:H) with no confidentiality or integrity loss. No patches or firmware updates have been published yet, and no known exploits are reported in the wild. The vulnerability was reserved on 2025-09-26 and published on 2025-10-24. Given the affected device is a consumer-grade router, exploitation could disrupt home or small office networks, potentially affecting business continuity if used in critical environments.

For European organizations, the primary impact of CVE-2025-60556 is the potential denial of service on networks relying on the D-Link DIR600L Ax router. This could lead to network outages, loss of internet connectivity, and disruption of business operations, especially for small and medium enterprises or remote offices using this device. Critical infrastructure or services that depend on uninterrupted network access may experience downtime, affecting productivity and potentially causing financial losses. Since the vulnerability requires no authentication and can be exploited remotely, attackers could target exposed routers from anywhere, increasing the risk of widespread disruption. Although no data confidentiality or integrity is compromised, the availability impact alone can be significant. The lack of a patch at the time of disclosure means organizations must rely on network-level mitigations to protect themselves. The absence of known exploits reduces immediate risk but does not eliminate the threat, as weaponization could occur rapidly after disclosure.

1. Immediately identify and inventory all D-Link DIR600L Ax routers within the network environment. 2. Restrict access to the router's management interface by implementing network segmentation and firewall rules to block external and unnecessary internal access. 3. Disable remote management features on the affected routers if enabled. 4. Monitor network traffic for unusual requests targeting the curTime parameter or formSetWizard1 function endpoints. 5. Engage with D-Link support channels to obtain information about forthcoming firmware updates or patches addressing this vulnerability. 6. Until a patch is available, consider replacing vulnerable devices with models from vendors that provide timely security updates. 7. Educate IT staff about the vulnerability and ensure incident response plans include steps to handle potential denial of service incidents related to this issue. 8. Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures to detect attempts to exploit this buffer overflow. 9. Regularly review router logs for crashes or reboots that may indicate exploitation attempts. 10. Maintain up-to-date backups and ensure business continuity plans account for potential network outages.