CVE-2025-60566 identifies a buffer overflow vulnerability in the D-Link DIR600L Ax router firmware version FW116WWb01. The flaw exists in the formSetMACFilter function, where the curTime parameter is improperly handled, allowing an attacker to overflow the buffer. Buffer overflow vulnerabilities can lead to arbitrary code execution or denial of service conditions if exploited successfully. The vulnerability is triggered by sending a specially crafted input to the vulnerable parameter, potentially enabling remote attackers to compromise the device without authentication or user interaction. The vulnerability was reserved in late September 2025 and published in October 2025, but no CVSS score or patches have been released yet, and no known exploits are reported in the wild. The affected device is a consumer-grade router commonly used in home and small office environments. Exploitation could allow attackers to gain control over the router, manipulate network traffic, or disrupt network availability. Due to the lack of patches, organizations must rely on network-level mitigations and monitoring. The absence of authentication requirements and the potential for remote exploitation increase the risk profile. This vulnerability highlights the importance of secure firmware development and timely patching in network infrastructure devices.

For European organizations, the impact of CVE-2025-60566 could be significant, especially for small and medium enterprises (SMEs) and home office users relying on the D-Link DIR600L Ax router. Successful exploitation could lead to unauthorized access to internal networks, interception or manipulation of network traffic, and potential lateral movement within corporate environments. This could compromise confidentiality, integrity, and availability of network communications and connected systems. Disruption of network services could affect business operations, and compromised routers could be used as footholds for further attacks or as part of botnets. The lack of available patches increases exposure time, and the vulnerability's presence in consumer-grade devices means that many less-secured environments could be targeted. European organizations with remote or hybrid workforces using these routers at home are particularly at risk. The potential for remote exploitation without authentication amplifies the threat, making it easier for attackers to launch attacks from outside the network perimeter.

1. Immediately inventory and identify all D-Link DIR600L Ax routers running firmware FW116WWb01 within the organization and connected endpoints. 2. Restrict access to router management interfaces by limiting IP ranges and enforcing strong authentication where possible. 3. Implement network segmentation to isolate vulnerable routers from critical internal systems and sensitive data. 4. Monitor network traffic for unusual activity or signs of exploitation attempts targeting the curTime parameter or MAC filter configuration interfaces. 5. Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures to detect potential exploitation attempts. 6. Encourage users, especially remote workers, to avoid exposing router management interfaces to the internet. 7. Regularly check for firmware updates or security advisories from D-Link and apply patches promptly once available. 8. Consider replacing vulnerable devices with more secure alternatives if patching is delayed or unavailable. 9. Educate users about the risks of using outdated router firmware and the importance of security hygiene. 10. Use VPNs and endpoint security solutions to add layers of defense around vulnerable network segments.