CRITICAL🇵🇱 Wersja polska

CVE-2025-60554

CVSS 9.8v3.1pub. 2025-10-24upd. 2025-10-28

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard.

🤖 AI Analysis
How it works

The vulnerability results from the lack of proper verification of input data length (CWE-120 – classic buffer overflow). The attacker sends a specially crafted request to the device containing an excessively long value of the curTime parameter, which causes a buffer overflow in the formSetEnableWizard function. Due to the network vector (AV:N), lack of authentication requirements (PR:N) and no need for user interaction (UI:N), the attack can be performed remotely without any privileges.

Impact

Successful exploitation of the vulnerability may lead to arbitrary code execution on the device (RCE), and consequently to complete takeover of the router, loss of confidentiality, integrity and availability of the system.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until the patch is applied, it is recommended to restrict access to the device management interface exclusively to trusted hosts and disable remote access to the administrative panel from the WAN network side.

Who is affected

D-Link DIR-600L series Ax with firmware version FW116WWb01

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dir 600l

    HW
    Dlink
    a1
  • Dlink Dir 600l Firmware

    OS
    Dlink
    1.16wwb01
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2014-8361CRITICAL9.8⚠ KEVten sam produkt

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInt...

CVE-2026-42374CRITICAL9.8PL ✓ten sam produkt

Hardcoded backdoor telnet w D-Link DIR-600L — nieautoryzowany dostęp root

CVE-2026-42375CRITICAL9.8PL ✓ten sam produkt

D-Link DIR-600L A1: hardcoded backdoor telnet z dostępem root

CVE-2025-60548CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w D-Link DIR-600L przez parametr curTime

CVE-2025-60553CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w D-Link DIR-600L — podatność krytyczna RCE