CRITICAL🇵🇱 Wersja polska

CVE-2025-60553

CVSS 9.8v3.1pub. 2025-10-24upd. 2025-10-28

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52.

🤖 AI Analysis
How it works

The attacker sends a specially crafted network request to the device containing an excessively long value of the curTime parameter, handled by the formSetWAN_Wizard52 function. Due to lack of proper validation of input data length (CWE-120 — classic buffer overflow), the data overflows the allocated buffer in memory. This results in overwriting adjacent memory areas, which can lead to arbitrary code execution by the attacker.

Impact

An unauthenticated remote attacker can gain full control over the device, including the ability to read and modify configuration, as well as execute arbitrary code (RCE) with system privileges. The confidentiality, integrity, and availability of the device are at risk.

Mitigation & patch

Manufacturer patches should be applied according to the references. If an update is not available, it is recommended to isolate the device from the public network, disable remote management via WAN, and consider replacing the device with an actively supported model.

Who is affected

D-Link DIR-600L with firmware version Ax FW116WWb01

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dir 600l

    HW
    Dlink
    a1
  • Dlink Dir 600l Firmware

    OS
    Dlink
    1.16wwb01
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2014-8361CRITICAL9.8⚠ KEVten sam produkt

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInt...

CVE-2026-42374CRITICAL9.8PL ✓ten sam produkt

Hardcoded backdoor telnet w D-Link DIR-600L — nieautoryzowany dostęp root

CVE-2026-42375CRITICAL9.8PL ✓ten sam produkt

D-Link DIR-600L A1: hardcoded backdoor telnet z dostępem root

CVE-2025-60548CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w D-Link DIR-600L przez parametr curTime

CVE-2025-60554CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w D-Link DIR600L – parametr curTime w formSetEnableWizard