CVE-2021-4464

Name of the Vulnerable Software and Affected Versions FiberHome AN5506-04-FA firmware versions up to and including RP2631 FiberHome HG6245D versions prior to RP2602

Description The HTTP service ('webs') does not properly limit the size of Cookie header values, resulting in a stack-based buffer overflow. Processing a cookie exceeding 511 bytes causes an overrun of a stack buffer, potentially leading to a crash or control of execution.

Recommendations Update FiberHome AN5506-04-FA firmware to a version later than RP2631. Update FiberHome HG6245D firmware to a version RP2602 or later.