CVE-2021-4464 PUBLISHED

FIberHome AN5506-04-FA / HG6245D Routers Remote Stack Overflow

Assigner: VulnCheck
Reserved: 12.11.2025 Published: 12.11.2025 Updated: 21.11.2025

FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service ('webs') fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun, leading to a crash or potential control of execution flow.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.3

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	High	Integrity	None
Attack Requirements	None	Availability	High	Availability	None
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	FiberHome
Product	AN5506-04-FA
Versions	Default: unaffected affected from 0 to RP2631 (incl.)

Vendor	FiberHome
Product	HG6245D
Versions	Default: unaffected affected from 0 to RP2602 (excl.)

CVE-2021-4464 PUBLISHED

FIberHome AN5506-04-FA / HG6245D Routers Remote Stack Overflow

Metrics

Product Status

Credits

References

Problem Types