CVE-2025-60550

7.5 HIGH

📋 TL;DR

A buffer overflow vulnerability in D-Link DIR600L Ax router firmware allows attackers to execute arbitrary code by sending specially crafted requests to the formEasySetTimezone function. This affects users running FW116WWb01 firmware on DIR600L Ax routers. Successful exploitation could lead to complete device compromise.

💻 Affected Systems

Products:
  • D-Link DIR600L Ax
Versions: FW116WWb01
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects this specific firmware version on DIR600L Ax routers. Other models/versions may be unaffected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full router compromise, credential theft, network pivoting, and persistent backdoor installation.

🟠 Likely Case: Router crash/reboot causing temporary network disruption, or limited code execution for reconnaissance.

🟢 If Mitigated: Denial of service if exploit fails or is detected by network monitoring.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, and the vulnerability appears to be remotely accessible.
🏢 Internal Only: MEDIUM - Could be exploited from internal networks if attacker gains access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public GitHub repository contains detailed analysis and likely exploit code. Buffer overflow in curTime parameter suggests straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: Yes

Instructions:

1. Check D-Link support site for firmware updates.
2. If update available, download and install via router web interface.
3. Reboot router after update.

🔧 Temporary Workarounds

  • Disable remote management (applies to: all): Prevent external access to router administration interface
  • Network segmentation (applies to: all): Isolate router management interface to trusted network segment

🧯 If You Can't Patch

  • Replace affected router with supported model
  • Implement strict firewall rules blocking all external access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web interface: System > Firmware. If version is FW116WWb01, device is vulnerable.

Check Version:

Check router web interface or use nmap/router scanning tools to identify firmware version.

Verify Fix Applied:

Verify firmware version has changed from FW116WWb01 to a newer version.

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to formEasySetTimezone with abnormal curTime parameter values
  • Router crash/reboot logs
  • Unusual outbound connections from router

Network Indicators:

  • HTTP POST requests to router management interface with oversized curTime parameter
  • Traffic patterns suggesting router compromise

SIEM Query:

http.method:POST AND http.uri:*formEasySetTimezone* AND http.param.curTime.length>100
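
The same check as the query above, run over request logs in Python. This is an added example, not code from the original advisory or from D-Link; it assumes a proxy or sensor that records request bodies as JSON lines with the hypothetical fields `src`, `method`, `uri` and `body`, and the sample events are constructed. It measures the URL-decoded length, looks in both body and query string, and counts hits per source.

```python
import json
from collections import Counter
from urllib.parse import parse_qs, urlsplit

HANDLER = "formEasySetTimezone"  # handler name from the advisory
PARAM = "curTime"                # parameter named in the advisory
MAX_LEN = 100                    # threshold taken from the SIEM query
U = "/formEasySetTimezone"       # constructed sample path, not from the advisory

# Constructed sample events; the field names are assumptions about the log source.
SAMPLE_EVENTS = [
    {"src": "192.0.2.10", "method": "POST", "uri": U, "body": "curTime=1718000000"},
    {"src": "198.51.100.7", "method": "POST", "uri": U, "body": "tz=8&curTime=" + "A" * 400},
    {"src": "198.51.100.7", "method": "POST", "uri": U, "body": "curTime=" + "%41" * 150},
    {"src": "192.0.2.10", "method": "GET", "uri": "/index.html", "body": ""},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS) + "\nnot json"

def oversized_curtime(event):
    """Return the longest decoded curTime length if the event matches, else None."""
    if str(event.get("method", "")).upper() != "POST":
        return None
    parts = urlsplit(event.get("uri") or "")
    if HANDLER not in parts.path:
        return None
    # The parameter may arrive in the body or the query string, possibly repeated.
    values = []
    for raw in (event.get("body") or "", parts.query):
        values += parse_qs(raw, keep_blank_values=True).get(PARAM, [])
    longest = max((len(v) for v in values), default=0)
    return longest if longest > MAX_LEN else None

def scan(log_text):
    """Return (alerts, hits_per_source) for a JSON-lines request log."""
    alerts, per_src = [], Counter()
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(event, dict):
            continue
        length = oversized_curtime(event)
        if length is not None:
            alerts.append((event.get("src"), length))
            per_src[event.get("src")] += 1
    return alerts, per_src
```

Calling `scan(SAMPLE_LOG)` flags the two requests from the second source; a source with repeated hits matches the "multiple POST requests" indicator listed above.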
