CVE-2021-4464

FIberHome AN5506-04-FA / HG6245D Routers Remote Stack Overflow

CVSS 9.3 CRITICALEPSS 1.8%CWE-121

Vexday Risk Score

48Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.3EPSS 1.8%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

12 Nov 2025Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service ('webs') fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun, leading to a crash or potential control of execution flow.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

FiberHome · AN5506-04-FA FiberHome · HG6245D

public PoCs found — 2

cve_referencepierrekim.github.io/advisories/2021-fiberhome-0x00-ont.txtunverified cve_referencepierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#misc-remote-stack-overflow-an5506unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://pierrekim.github.io/advisories/2021-fiberhome-0x00-ont.txt https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#misc-remote-stack-overflow-an5506 https://www.vulncheck.com/advisories/fiberhome-routers-remote-stack-overflow