QwikSec

Security Database

CVE

CWE

Training

CVE-2021-4464

Published: Nov 12, 2025

Modified: Nov 21, 2025

PUBLISHED

Description

FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service ('webs') fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun, leading to a crash or potential control of execution flow.

Vendor	Product	Versions
FiberHome	AN5506-04-FA	affected `0 - <= RP2631`
FiberHome	HG6245D	affected `0 - < RP2602`

Weaknesses (CWE)

References

https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#misc-remote-stack-overflow-an5506

technical-description

exploit

https://pierrekim.github.io/advisories/2021-fiberhome-0x00-ont.txt

technical-description

exploit

https://www.vulncheck.com/advisories/fiberhome-routers-remote-stack-overflow

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.