CVE-2025-60570 is a buffer overflow vulnerability identified in the D-Link DIR600L Ax router firmware version FW116WWb01. The flaw exists in the formLogDnsquery function, specifically through improper handling of the curTime parameter, which leads to a stack-based buffer overflow (CWE-121). This vulnerability can be triggered remotely without authentication or user interaction, as the affected function processes DNS query logs. Exploiting this flaw allows an attacker to cause a denial of service (DoS) by crashing the router, impacting its availability. The CVSS v3.1 base score is 7.5, reflecting a high severity mainly due to network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The scope remains unchanged (S:U), and the impact is solely on availability (A:H) with no confidentiality or integrity impact. No patches or fixes have been published yet, and no known exploits are reported in the wild. The vulnerability affects a widely used consumer router model, which is often deployed in home and small office environments, making it a potential target for attackers seeking to disrupt network connectivity or leverage the device for further attacks.

For European organizations, the primary impact of CVE-2025-60570 is the potential for denial of service on affected D-Link DIR600L Ax routers, leading to network outages and loss of internet connectivity. This can disrupt business operations, especially for small and medium enterprises relying on these routers for internet access or VPN connections. Although the vulnerability does not directly compromise confidentiality or integrity, the loss of availability can hinder critical communications and services. In environments where these routers serve as gateways or network edge devices, the DoS could also facilitate secondary attacks or delay incident response. The absence of authentication requirements and user interaction lowers the barrier for exploitation, increasing the risk of automated attacks. European organizations with limited IT security resources may find it challenging to detect or mitigate such attacks promptly, exacerbating the impact.

1. Immediately isolate affected D-Link DIR600L Ax routers from untrusted networks, especially the internet, to reduce exposure. 2. Disable remote management features and any unnecessary services that process external input to limit attack surface. 3. Implement network segmentation to separate critical systems from consumer-grade routers. 4. Monitor network traffic for unusual DNS query patterns or repeated requests targeting the formLogDnsquery function. 5. Employ intrusion detection/prevention systems (IDS/IPS) tuned to detect buffer overflow attempts or anomalous router behavior. 6. Contact D-Link support for firmware updates or advisories and apply patches promptly once available. 7. Consider replacing vulnerable routers with models that have confirmed security updates and better vendor support. 8. Educate IT staff on recognizing symptoms of router DoS and establishing incident response procedures specific to network device failures.