CRITICAL🇵🇱 Wersja polska

CVE-2025-60548

CVSS 9.8v3.1pub. 2025-10-24upd. 2025-10-28

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings.

🤖 AI Analysis
How it works

The vulnerability results from improper handling of the curTime parameter in the formLanSetupRouterSettings function — lack of proper validation of input data length (CWE-120, classic buffer overflow). An attacker can send specially crafted network request to the device containing an excessively long value of the curTime parameter, causing a buffer overflow in memory. Due to the network vector (AV:N), lack of authentication requirement (PR:N), and lack of user interaction (UI:N), the attack can be conducted remotely without any additional prerequisites.

Impact

Successful exploitation of the vulnerability may allow an attacker to remotely execute arbitrary code (RCE) on the device, and consequently to gain full control over the router, compromising the confidentiality, integrity, and availability of the network.

Mitigation & patch

Apply patches available from the manufacturer according to the references. If an update is not available, it is recommended to restrict access to the device's administrative interface exclusively to trusted hosts on the local network and to disable remote management via WAN. Consider replacing the device with one actively supported by the manufacturer.

Who is affected

D-Link DIR-600L Ax with firmware version 116WWb01

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dir 600l

    HW
    Dlink
    a1
  • Dlink Dir 600l Firmware

    OS
    Dlink
    1.16wwb01
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2014-8361CRITICAL9.8⚠ KEVten sam produkt

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInt...

CVE-2026-42374CRITICAL9.8PL ✓ten sam produkt

Hardcoded backdoor telnet w D-Link DIR-600L — nieautoryzowany dostęp root

CVE-2026-42375CRITICAL9.8PL ✓ten sam produkt

D-Link DIR-600L A1: hardcoded backdoor telnet z dostępem root

CVE-2025-60553CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w D-Link DIR-600L — podatność krytyczna RCE

CVE-2025-60554CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w D-Link DIR600L – parametr curTime w formSetEnableWizard