CVE-2025-60554
Published: 24 October 2025
Summary
CVE-2025-60554 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in D-Link DIR-600L firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 44.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 (Information Input Validation): requires validation of the curTime parameter, which directly prevents the buffer overflow in the formSetEnableWizard function from being triggered.
SI-2 (Flaw Remediation): mandates timely remediation of the buffer overflow flaw through firmware patching or updates, eliminating the vulnerability.
SI-16 (Memory Protection): implements memory protection mechanisms such as ASLR and DEP, which reduce the chance that a successful buffer overflow leads to arbitrary code execution.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The buffer overflow sits in the public-facing web management interface (formSetEnableWizard, reached through the curTime parameter), so exploiting it gives an attacker initial access by way of a public-facing application (T1190).
NVD Description
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard.
Deeper analysis
CVE-2025-60554 is a buffer overflow vulnerability (CWE-120) in D-Link DIR600L Ax firmware version FW116WWb01. It is triggered via the curTime parameter in the formSetEnableWizard function and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting high impact to confidentiality, integrity, and availability.
An unauthenticated remote attacker can exploit this over the network with low complexity by sending a specially crafted request to the vulnerable parameter. Exploitation could result in arbitrary code execution on the device, enabling full control, data exfiltration, configuration changes, or device crashes.
The vulnerability is documented in a GitHub proof-of-concept at https://github.com/luckysmallbird/DLINK-DIR600LAx-Vulnerability/blob/main/08-buffer%20overflow-formSetEnableWizard.md. No official D-Link advisories or patches are referenced; security practitioners should monitor for firmware updates, restrict web interface access via firewalls, and consider device replacement for end-of-life models.
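The SI-10 control above asks for validation of curTime before it reaches the fixed-size buffer. The following is an added illustration of that control, not code from the D-Link firmware or the linked proof of concept: it contrasts the unchecked-copy pattern that defines CWE-120 with a handler that bounds the length and allowlists the character set first. The buffer size (32 bytes), the `set_cur_time` function and the assumption that curTime is an epoch-style decimal timestamp are all illustrative; the real handler's internals are not published on this page.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed capacity of the handler's destination buffer; the real size inside
 * formSetEnableWizard is not published on this page, so 32 is illustrative. */
#define CURTIME_MAX 32

/* The CWE-120 pattern: the parameter is copied into a fixed-size buffer with no
 * length check, so any value of CURTIME_MAX bytes or more writes past the end.
 * Shown only for contrast; never call it on input not already known to fit. */
static void copy_unchecked(char dst[CURTIME_MAX], const char *src) {
    strcpy(dst, src);
}

/* Hardened handler (NIST SI-10): bound the length and allowlist the characters
 * before any copy. Returns 0 and fills 'out' on success, -1 when rejected.
 * Assumption: curTime is an epoch-style decimal timestamp, so digits only. */
int set_cur_time(const char *param, char out[CURTIME_MAX]) {
    if (param == NULL)
        return -1;
    /* Bounded scan: stops at CURTIME_MAX, so a huge or unterminated value
     * cannot push the validation itself out of bounds. */
    size_t n = 0;
    while (n < CURTIME_MAX && param[n] != '\0')
        n++;
    if (n == 0 || n >= CURTIME_MAX)   /* empty, or no room for the terminator */
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (!isdigit((unsigned char)param[i]))
            return -1;                /* allowlist: decimal digits only */
    }
    memcpy(out, param, n + 1);        /* n + 1 <= CURTIME_MAX, NUL included */
    return 0;
}

int main(void) {
    /* Constructed sample values standing in for the curTime request parameter. */
    const char *samples[] = {
        "1761264000",                         /* plausible timestamp: accepted */
        "1761264000000000000000000000000000", /* 34 bytes: rejected before copy */
        "1761264000abc",                      /* non-digit content: rejected */
    };
    char buf[CURTIME_MAX];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = set_cur_time(samples[i], buf);
        printf("%-36s -> %s\n", samples[i], rc == 0 ? "accepted" : "rejected");
    }
    (void)copy_unchecked;  /* kept only for side-by-side comparison */
    return 0;
}
```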
Details
- CWE(s)