Login Sign Up

CVE-2025-60557

7.5 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

This buffer overflow vulnerability in D-Link DIR600L routers allows attackers to execute arbitrary code by sending specially crafted requests to the formSetEasy_Wizard function. It affects users running firmware version FW116WWb01 on DIR600L Ax routers. Successful exploitation could lead to complete device compromise.

💻 Affected Systems

Products:
  • D-Link DIR600L Ax
Versions: FW116WWb01
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific firmware version mentioned. Older or newer versions may not be vulnerable.

📦 What is this software?

Dir 600l Firmware by Dlink

View all CVEs affecting Dir 600l Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full router compromise, credential theft, network traffic interception, and pivot to internal networks.

🟠

Likely Case

Router crash/reboot causing denial of service, or limited code execution depending on exploit sophistication.

🟢

If Mitigated

No impact if device is not internet-facing and network segmentation prevents access to management interface.

🌐 Internet-Facing: HIGH - Router management interfaces are often exposed to the internet, and this vulnerability requires no authentication.
🏢 Internal Only: MEDIUM - Attackers with internal network access could exploit this to compromise the router.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept exists in GitHub repository. Exploitation appears straightforward based on available technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check D-Link support site for firmware updates. 2. Download latest firmware for DIR600L Ax. 3. Log into router admin interface. 4. Navigate to firmware update section. 5. Upload and apply new firmware. 6. Wait for router to reboot.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router management interface

Network Segmentation

all

Isolate router management interface to trusted network segment only

🧯 If You Can't Patch

  • Replace vulnerable router with supported model
  • Implement strict firewall rules blocking all access to router management interface from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is FW116WWb01, device is vulnerable.

Check Version:

Log into router web interface and check System Status or Firmware Update section

Verify Fix Applied:

Verify firmware version has been updated to a version newer than FW116WWb01.

📡 Detection & Monitoring

Log Indicators:

  • Multiple requests to formSetEasy_Wizard with long curTime parameters
  • Router crash/reboot logs
  • Unusual outbound connections from router

Network Indicators:

  • HTTP POST requests to router management interface with oversized curTime parameter
  • Sudden loss of router connectivity

SIEM Query:

source="router_logs" AND ("formSetEasy_Wizard" OR "curTime" AND length>100)

📊 Metadata

CVE ID: CVE-2025-60557
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-121
EPSS Score: 0.08% exploit probability (23.7th percentile)
Published: October 24, 2025
Last Updated: October 28, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-60557, you might also want to check these:

CVE-2024-39791 10.0

CVE-2024-39791 is a critical stack-based buffer overflow vulnerability in Vonets industrial WiFi bri...

Same vulnerability type (CWE-121)
CVE-2022-20699 10.0

This critical vulnerability in Cisco Small Business routers allows unauthenticated remote attackers ...

Same vulnerability type (CWE-121)
CVE-2022-20701 10.0

This CVE describes multiple critical vulnerabilities in Cisco Small Business RV series routers that ...

Same vulnerability type (CWE-121)