
CVE-2025-60561: n/a

Severity: High
Type: Vulnerability
Tags: CVE-2025-60561, cve, cve-2025-60561
Published: Fri Oct 24 2025 (10/24/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail.

AI-Powered Analysis

Last updated: 10/24/2025, 16:26:05 UTC

Technical Analysis

CVE-2025-60561 identifies a buffer overflow vulnerability in the D-Link DIR600L Ax router firmware version FW116WWb01. The vulnerability resides in the formSetEmail function, where improper handling of the curTime parameter allows an attacker to overflow a buffer. This is classified under CWE-121 (Stack-based Buffer Overflow), which typically enables attackers to overwrite memory, potentially causing crashes or denial of service. The vulnerability is remotely exploitable over the network without any authentication or user interaction, as indicated by the CVSS vector AV:N/AC:L/PR:N/UI:N. The impact is primarily on availability (A:H), with no direct confidentiality or integrity effects reported. The CVSS score of 7.5 reflects a high severity due to the ease of exploitation and the potential to disrupt router functionality. No patches or fixes have been released at the time of publication, and no exploits have been observed in the wild. The router model affected is commonly used in home and small office environments, making it a target for attackers aiming to disrupt network connectivity or launch further attacks from compromised devices. The lack of authentication requirement increases the risk of automated exploitation attempts. Given the critical role routers play in network infrastructure, successful exploitation could lead to significant operational impact.

Potential Impact

For European organizations, the primary impact of CVE-2025-60561 is the potential disruption of network availability due to denial of service conditions caused by the buffer overflow. This can interrupt business operations, degrade productivity, and potentially expose networks to secondary attacks if attackers leverage the disruption to gain further access. Since the vulnerability does not affect confidentiality or integrity directly, data breaches are less likely from this flaw alone. However, the affected router is often a gateway device, and its compromise could indirectly facilitate lateral movement or man-in-the-middle attacks. Small and medium enterprises, as well as home offices relying on the D-Link DIR600L Ax router, are particularly vulnerable. The absence of authentication and user interaction requirements means attackers can scan and exploit vulnerable devices remotely, increasing the threat surface. The lack of available patches exacerbates the risk, leaving organizations exposed until a fix is released or mitigations are applied.

Mitigation Recommendations

1. Immediately restrict remote access to the router’s management interface by disabling WAN-side administration or applying strict firewall rules to limit access to trusted IPs only.
2. Segment the network to isolate the router management interface from general user networks, reducing exposure to potential attackers.
3. Monitor network traffic for unusual or malformed requests targeting the formSetEmail function or the curTime parameter, which may indicate exploitation attempts.
4. Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures to detect buffer overflow attempts against this router model.
5. Regularly check for firmware updates from D-Link and apply patches promptly once available.
6. Consider replacing vulnerable devices with models that have a better security track record if immediate patching is not feasible.
7. Educate IT staff and users about the risks of exposing router management interfaces and encourage secure configuration practices.
8. Use network access control (NAC) to limit device connectivity and reduce the attack surface.
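
One way to implement the monitoring in recommendation 3, added here as an example and not part of the advisory or any vendor tooling: it flags requests to a path containing formSetEmail whose decoded curTime value is oversized or carries non-printable bytes. The record layout, the placeholder path prefix and the 32-byte ceiling are assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

HANDLER = "formSetEmail"   # function named in the advisory
PARAM = "curTime"          # parameter named in the advisory
MAX_LEN = 32               # assumed ceiling for a legitimate timestamp-like value

def cur_time_values(target, body):
    """Yield every decoded curTime value from the query string and form body."""
    for raw in (urlsplit(target).query, body):
        # latin-1 maps one decoded byte to one character, so len() counts bytes
        for key, value in parse_qsl(raw, keep_blank_values=True, encoding="latin-1"):
            if key == PARAM:
                yield value

def inspect(record):
    """Return the reasons a request looks suspicious (empty list if none)."""
    _src, _method, target, body = record
    if HANDLER not in urlsplit(target).path:
        return []
    reasons = []
    for value in cur_time_values(target, body):
        if len(value) > MAX_LEN:
            reasons.append(f"{PARAM} length {len(value)} exceeds {MAX_LEN}")
        if any(not (0x20 <= ord(c) < 0x7F) for c in value):
            reasons.append(f"{PARAM} contains non-printable bytes")
    return reasons

def scan(records):
    """Return (source, target, reasons) for every flagged request."""
    return [(r[0], r[2], why) for r in records if (why := inspect(r))]

# Constructed sample records: (source IP, method, request target, form body).
# "/placeholder/" stands in for the real path prefix, which the advisory omits.
SAMPLE = [
    ("192.0.2.10", "POST", "/placeholder/formSetEmail",
     "curTime=1761300000&email=a%40example.test"),
    # Percent-encoded value: 600 raw characters, 200 bytes once decoded
    ("198.51.100.7", "POST", "/placeholder/formSetEmail", "curTime=" + "%41" * 200),
    ("203.0.113.5", "GET", "/placeholder/formSetEmail?curTime=12%00%ff", ""),
    # Long value sent to a different handler: out of scope for this rule
    ("192.0.2.10", "POST", "/placeholder/otherForm", "curTime=" + "B" * 400),
]

if __name__ == "__main__":
    for src, target, why in scan(SAMPLE):
        print(src, target, "; ".join(why))
```

Length is measured after percent-decoding, so an encoded value is judged by the bytes the handler would actually receive.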


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-09-26T00:00:00.000Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68fba6ca44c617250775a793

Added to database: 10/24/2025, 4:18:18 PM

Last enriched: 10/24/2025, 4:26:05 PM

Last updated: 10/25/2025, 5:09:24 AM
