Cyber Resilience

CVE-2025-50402

Critical · Public PoC

Published: 26 November 2025

Modified: 02 January 2026
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0008 (24.6th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-50402 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Fastcom Fac1200R Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 24.6th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-50402 is a buffer overflow vulnerability (CWE-120) affecting the FAST FAC1200R F400_FAC1200R_Q firmware. The issue resides in the function sub_80435780 and can be triggered via a specially crafted value in the fac_password parameter. Published on 2025-11-26 with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), it represents a critical remote code execution risk in this IoT device firmware.

An unauthenticated attacker with network access can exploit this vulnerability by sending a malicious fac_password string to the affected component, leading to a buffer overflow. Successful exploitation allows arbitrary code execution with high impact on confidentiality, integrity, and availability, potentially resulting in full device compromise, such as router takeover for further network pivoting or data exfiltration.

References point to a GitHub repository (https://github.com/sezangel/IOT-vul/tree/main/FAST/FAC1200R/2) containing vulnerability details or proof-of-concept code for the FAST FAC1200R, but no official advisories or patches are detailed in available information. Security practitioners should isolate affected devices and monitor for firmware updates from the vendor.

Vulnerability details

FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter string fac_password.

Related Threats

MITRE ATT&CK Enterprise Techniques · AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a critical unauthenticated buffer overflow in router firmware exploitable over the network via a crafted parameter, directly enabling remote code execution through exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-50399 · Same product: Fastcom Fac1200R
CVE-2021-47854 · Shared CWE-120
CVE-2024-39803 · Shared CWE-120
CVE-2024-37184 · Shared CWE-120
CVE-2025-66647 · Shared CWE-120
CVE-2024-39750 · Shared CWE-120
CVE-2025-52909 · Shared CWE-120
CVE-2025-50398 · Shared CWE-120
CVE-2025-25674 · Shared CWE-120
CVE-2022-50922 · Shared CWE-120

Affected Assets

fastcom
fac1200r firmware
f400_fac1200r_q

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: Directly remediates the buffer overflow vulnerability through timely firmware patching and flaw correction.

Prevent: Prevents buffer overflow exploitation by validating the fac_password parameter for proper length and format at input points.

Prevent: Mitigates arbitrary code execution from buffer overflows using memory protections like stack canaries, ASLR, and non-executable memory.
