An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.
Credits
Daniel Hulliger from The Cyber-Defence Campus of armasuisse S+T
