FiberHome AN5506-04-FA
cpe:2.3:h:fiberhome:an5506-04-fa:*:*:*:*:*:*:*
- <= RP2631
A stack-based buffer overflow vulnerability has been identified in FiberHome AN5506-04-FA routers with firmware RP2631 and in HG6245D routers with firmware prior to RP2602. The vulnerability arises because the HTTP service does not properly limit the length of Cookie header values. When a cookie exceeds 511 bytes, it can overwrite a stack buffer, potentially leading to a crash or allowing control over the execution flow.
Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to a crash of the HTTP service or allow an attacker to gain control of the execution flow, potentially leading to arbitrary code execution.
The vulnerability can be reproduced by sending an HTTP request to the router's web server with a Cookie header whose value is longer than 511 bytes. This can be done using tools like curl or wget, with the Cookie header manually set to include the oversized value. When the vulnerable firmware processes the request, the stack buffer overflows, which can crash the HTTP service or give the sender control of the execution flow.
Users are advised to update to the latest firmware version available for their router model. For HG6245D routers, this means updating to version RP2602 or later. AN5506-04-FA routers should also be updated to the latest available version.
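The length check the description above says is missing, shown as an added example (this is not FiberHome's code, which the page does not include): a C header parser that rejects any Cookie value that would not fit its buffer instead of copying it. The 512-byte buffer size is an assumption inferred from the 511-byte threshold, and `get_cookie`, `try_len` and the sample request are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

#define COOKIE_BUF 512 /* assumed: 511 bytes of value + NUL terminator */

enum cookie_rc { COOKIE_OK = 0, COOKIE_ABSENT = 1, COOKIE_TOO_LONG = -1 };

/* Copy the Cookie header value of a raw request into out[outsz].
 * Rejects rather than truncates, so the caller can answer with an
 * error status and never acts on a partial cookie. */
static enum cookie_rc get_cookie(const char *req, char *out, size_t outsz)
{
    const char *line = req;
    if (outsz == 0) return COOKIE_TOO_LONG;
    out[0] = '\0';
    /* Walk header lines; an empty line ends the header block. */
    while (*line && *line != '\r' && *line != '\n') {
        const char *eol = strpbrk(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len >= 7 && strncasecmp(line, "Cookie:", 7) == 0) {
            const char *val = line + 7;
            size_t vlen = len - 7;
            while (vlen && (*val == ' ' || *val == '\t')) { val++; vlen--; }
            if (vlen >= outsz)          /* bound check before any copy */
                return COOKIE_TOO_LONG;
            memcpy(out, val, vlen);     /* vlen < outsz is guaranteed here */
            out[vlen] = '\0';
            return COOKIE_OK;
        }
        if (!eol) break;
        line = eol + ((eol[0] == '\r' && eol[1] == '\n') ? 2 : 1);
    }
    return COOKIE_ABSENT;
}

/* Constructed sample: a request whose Cookie value is n bytes of 'A'. */
static enum cookie_rc try_len(size_t n)
{
    char req[2048] = "GET / HTTP/1.1\r\nHost: 192.0.2.1\r\nCookie: ";
    char out[COOKIE_BUF];
    size_t off = strlen(req);
    if (off + n + 5 > sizeof req) return COOKIE_TOO_LONG;
    memset(req + off, 'A', n);
    memcpy(req + off + n, "\r\n\r\n", 5); /* CRLF CRLF plus NUL */
    return get_cookie(req, out, sizeof out);
}

int main(void) { return try_len(511) == COOKIE_OK && try_len(512) == COOKIE_TOO_LONG ? 0 : 1; }
```

The same comparison (Cookie value length against 511 bytes) can be applied at a reverse proxy or IDS in front of devices that cannot be updated yet.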