CVE-2025-60563 is a buffer overflow vulnerability identified in the D-Link DIR600L Ax router firmware version FW116WWb01. The vulnerability arises from improper handling of the curTime parameter within the formSetPortTr function, which allows an attacker to send a specially crafted request that overflows a buffer. This overflow can cause the router to crash, resulting in a denial of service (DoS) condition. The vulnerability is remotely exploitable over the network without requiring any authentication or user interaction, making it highly accessible to attackers. The CVSS v3.1 base score is 7.5, reflecting the high impact on availability (A:H) but no impact on confidentiality or integrity. The weakness is classified under CWE-121, which corresponds to stack-based buffer overflows. No patches or fixes have been published yet, and there are no known exploits in the wild. The lack of authentication and user interaction requirements increases the risk of automated exploitation attempts. The affected product is a widely used consumer and small office/home office (SOHO) router, which often serves as a gateway device, making its availability critical for network operations. The vulnerability could be leveraged to disrupt network connectivity, impacting business continuity and operational stability.

For European organizations, the primary impact of CVE-2025-60563 is the potential disruption of network availability due to router crashes. This can lead to loss of internet connectivity, interruption of business operations, and potential downtime for critical services relying on network access. Since the vulnerability does not affect confidentiality or integrity, data breaches or unauthorized data modification are not direct concerns. However, denial of service on gateway devices can indirectly affect security monitoring, remote access, and cloud service availability. Organizations with remote or distributed workforces relying on these routers may experience significant operational challenges. The absence of patches means organizations must rely on network-level mitigations and device replacement strategies. The impact is more pronounced in sectors where continuous connectivity is essential, such as finance, healthcare, and critical infrastructure. Additionally, the ease of exploitation without authentication increases the risk of widespread attacks, especially in environments with exposed management interfaces or weak perimeter defenses.

1. Immediately identify all D-Link DIR600L Ax routers running firmware FW116WWb01 within the network using asset management and network scanning tools. 2. Disable remote management interfaces (e.g., web administration ports) exposed to the internet to reduce attack surface. 3. Implement network segmentation to isolate vulnerable routers from critical infrastructure and sensitive systems. 4. Employ firewall rules to restrict access to router management interfaces to trusted IP addresses only. 5. Monitor network traffic for unusual or malformed requests targeting the curTime parameter or formSetPortTr function patterns. 6. Where possible, replace affected routers with updated models or alternative devices not impacted by this vulnerability. 7. Maintain up-to-date backups and incident response plans to quickly recover from potential denial of service events. 8. Stay informed on vendor advisories for patch releases and apply updates promptly once available. 9. Consider deploying intrusion detection/prevention systems (IDS/IPS) with signatures targeting exploitation attempts of this vulnerability. 10. Educate IT staff on the specifics of this vulnerability to enhance detection and response capabilities.