CVE-2025-60566 is a buffer overflow vulnerability identified in the D-Link DIR600L Ax router firmware version FW116WWb01. The vulnerability resides in the formSetMACFilter function, specifically via the curTime parameter, which is improperly handled, leading to a stack-based buffer overflow (CWE-121). This flaw allows an unauthenticated attacker to send crafted network requests that overflow the buffer, causing the device to crash or reboot, resulting in denial of service (DoS). The CVSS v3.1 score is 7.5, reflecting high severity due to network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), but high impact on availability (A:H). No patches or official fixes have been published at the time of disclosure, and no known exploits have been observed in the wild. The vulnerability affects a widely deployed consumer-grade router model, commonly used in home and small office environments. Exploitation could disrupt network connectivity, impacting business operations and user access to network resources. The lack of authentication and user interaction requirements increases the risk of remote exploitation by attackers scanning for vulnerable devices.

For European organizations, especially small and medium enterprises (SMEs) and home office users relying on D-Link DIR600L Ax routers, this vulnerability poses a significant risk of network outages due to denial of service. Disruption of internet connectivity can affect business continuity, remote work capabilities, and access to cloud services. Critical services dependent on stable network infrastructure may experience interruptions, leading to productivity losses and potential financial impact. Although the vulnerability does not allow data theft or modification, the availability impact can be severe in environments lacking redundant network paths or failover mechanisms. Additionally, widespread exploitation could lead to larger-scale disruptions if attackers leverage this vulnerability in botnet campaigns or coordinated denial of service attacks. The absence of patches increases exposure duration, necessitating proactive mitigation. Organizations in sectors with high reliance on continuous connectivity, such as finance, healthcare, and telecommunications, may face amplified operational risks.

1. Immediately restrict remote management access to the D-Link DIR600L Ax routers by disabling WAN-side administration or limiting access via firewall rules to trusted IP addresses. 2. Implement network segmentation to isolate vulnerable routers from critical infrastructure and sensitive systems, reducing potential impact. 3. Monitor network traffic for unusual patterns or repeated malformed requests targeting the curTime parameter or MAC filter functions. 4. Engage with D-Link support channels to obtain information on upcoming firmware patches or security advisories and apply updates promptly once available. 5. Consider replacing affected routers with models from vendors with active security support if patching is delayed. 6. Educate users about the risks of exposing router management interfaces to the internet and enforce strong administrative passwords. 7. Employ intrusion detection/prevention systems (IDS/IPS) capable of detecting exploitation attempts targeting known buffer overflow signatures. 8. Maintain up-to-date asset inventories to identify all affected devices within the organization for targeted remediation.