CVE-2025-60571 is a buffer overflow vulnerability identified in the D-Link DIR600LAx router firmware version FW116WWb01. The vulnerability exists in the formSetQoS function, specifically through improper handling of the curTime parameter. Buffer overflow vulnerabilities occur when input data exceeds the allocated buffer size, potentially overwriting adjacent memory and allowing an attacker to execute arbitrary code, crash the device, or cause other unpredictable behavior. In this case, an attacker could exploit the flaw by sending specially crafted requests to the router's management interface or any exposed service that processes the formSetQoS function. This could lead to remote code execution or denial of service, compromising the router's integrity and availability. No patches or public exploits are currently known, and the CVSS score has not been assigned yet. The vulnerability was reserved in September 2025 and published in October 2025, indicating recent discovery. The absence of authentication requirements or user interaction details suggests that exploitation might be possible remotely if the management interface is accessible. The DIR600LAx is a consumer-grade router commonly used in home and small office environments, which may lack robust security controls, increasing the risk of exploitation. The vulnerability's impact could extend beyond individual devices, potentially allowing attackers to pivot into internal networks, intercept traffic, or disrupt connectivity.

For European organizations, especially small and medium enterprises (SMEs) and home offices relying on D-Link DIR600LAx routers, this vulnerability poses a significant risk. Exploitation could lead to unauthorized remote code execution, allowing attackers to gain control over the router, intercept or manipulate network traffic, and disrupt internet connectivity. This compromises confidentiality, integrity, and availability of network communications. Given the widespread use of consumer-grade routers in Europe, particularly in countries with high broadband penetration and remote work adoption, the potential impact is substantial. Critical infrastructure organizations using such devices for network edge or remote access could face operational disruptions. Additionally, compromised routers could be leveraged in botnets or as pivot points for further attacks within corporate networks. The lack of available patches increases exposure time, heightening the urgency for mitigation. The threat also raises privacy concerns due to possible interception of sensitive data traversing the affected routers.

1. Immediate identification and inventory of all D-Link DIR600LAx routers running firmware FW116WWb01 within the network environment. 2. Restrict access to router management interfaces by implementing network segmentation and firewall rules to limit exposure to trusted IP addresses only. 3. Disable remote management features unless absolutely necessary, and if enabled, enforce strong authentication and use VPNs for remote access. 4. Monitor network traffic for unusual patterns or signs of exploitation attempts targeting the formSetQoS function or curTime parameter. 5. Regularly check for firmware updates or security advisories from D-Link and apply patches promptly once available. 6. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics capable of detecting buffer overflow attempts against routers. 7. Educate users and administrators about the risks of using outdated router firmware and the importance of timely updates. 8. Consider replacing vulnerable devices with models that have better security track records and support. 9. Implement network-level protections such as segmentation and zero trust principles to minimize the impact of compromised edge devices. 10. Maintain backups of router configurations and ensure incident response plans include scenarios involving compromised network infrastructure devices.