The vulnerability identified as CVE-2025-60568 affects the D-Link DIR600L Ax router firmware version FW116WWb01. It is a buffer overflow vulnerability located in the formAdvFirewall function, specifically through the curTime parameter. Buffer overflow vulnerabilities occur when a program writes more data to a buffer than it can hold, potentially overwriting adjacent memory. In this case, an attacker can craft a malicious request targeting the curTime parameter to overflow the buffer, which may lead to arbitrary code execution or cause the router to crash (denial of service). The vulnerability was reserved in September 2025 and published in October 2025, but no CVSS score or patches have been released yet, and no known exploits are reported in the wild. The affected device is a widely used consumer and small office router model, which often serves as a gateway to internal networks. Exploiting this vulnerability could allow attackers to gain control over the router, manipulate firewall rules, intercept or redirect traffic, or disrupt network availability. The absence of authentication requirements or user interaction is not explicitly stated, but router management interfaces are often exposed to local networks or sometimes remotely, increasing risk. The lack of a CVSS score necessitates an assessment based on the nature of the vulnerability, its potential impact on confidentiality, integrity, and availability, and the ease of exploitation typical of buffer overflows in embedded devices.

For European organizations, exploitation of this vulnerability could have severe consequences. Compromise of the router could lead to interception or manipulation of sensitive data traversing the network, undermining confidentiality. Attackers could alter firewall configurations, allowing unauthorized access or blocking legitimate traffic, impacting integrity and availability. Denial of service attacks could disrupt business operations, especially for small and medium enterprises relying on this router model. The potential for remote exploitation increases the attack surface, particularly if remote management is enabled or the device is exposed to the internet. Given the widespread use of D-Link routers in homes and small offices across Europe, this vulnerability could affect a large number of endpoints, increasing the risk of lateral movement into corporate networks. The absence of patches or mitigations at the time of disclosure heightens the urgency for organizations to implement compensating controls. Additionally, critical infrastructure or organizations with high security requirements could face increased risks if these routers are part of their network perimeter.

1. Immediate identification and inventory of all D-Link DIR600L Ax routers running firmware FW116WWb01 within the organization’s network. 2. Disable remote management interfaces on these routers to reduce exposure to external attackers. 3. Restrict access to router management interfaces to trusted internal IP addresses only, using network segmentation and access control lists. 4. Monitor network traffic for unusual patterns that may indicate exploitation attempts targeting the curTime parameter or related firewall functions. 5. Implement network-level protections such as intrusion detection/prevention systems (IDS/IPS) with signatures tuned to detect buffer overflow attempts. 6. Regularly check for firmware updates or security advisories from D-Link and apply patches promptly once available. 7. Consider replacing vulnerable devices with models that have a better security track record or support timely updates. 8. Educate network administrators about the risks of this vulnerability and best practices for router security. 9. Employ network segmentation to isolate vulnerable routers from critical assets to limit potential impact. 10. Use strong, unique passwords for router administration to prevent unauthorized access.