CVE-2025-50402

9.8 CRITICAL

📋 TL;DR

The FAST FAC1200R F400_FAC1200R_Q device contains a buffer overflow vulnerability in the password handling function that allows attackers to execute arbitrary code. This affects all users of this specific IoT device model. Attackers can potentially gain full control of the device through this vulnerability.

💻 Affected Systems

Products:
  • FAST FAC1200R F400_FAC1200R_Q
Versions: All versions prior to patch
Operating Systems: Embedded Linux/RTOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific firmware version mentioned; other FAST models may have similar vulnerabilities.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, lateral movement to other network devices, and persistent backdoor installation.

🟠 Likely Case

Device takeover allowing network reconnaissance, credential harvesting, and participation in botnets or DDoS attacks.

🟢 If Mitigated

Limited impact if device is isolated in separate VLAN with strict network segmentation and access controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public GitHub repository contains exploit details; buffer overflow in password parameter makes exploitation straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Contact FAST vendor for security advisory
2. Check for firmware updates on vendor website
3. Apply firmware update following vendor instructions
4. Reboot device after update

🔧 Temporary Workarounds

Network Segmentation

all

Isolate device in separate VLAN with strict firewall rules

Access Control

all

Restrict administrative access to trusted IP addresses only

🧯 If You Can't Patch

  • Replace vulnerable device with secure alternative
  • Implement strict network monitoring and anomaly detection

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against vendor advisory; test with controlled exploit if in lab environment

Check Version:

Check web interface or CLI for firmware version information

Verify Fix Applied:

Verify firmware version matches patched version from vendor; test password parameter with overflow payloads

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication attempts
  • Large password parameter values in logs
  • Device reboot or crash logs

Network Indicators:

  • Unusual outbound connections from device
  • Traffic to known malicious IPs
  • Anomalous protocol usage

SIEM Query:

source="fac1200r" AND (password.length>100 OR event="buffer_overflow")
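
The log indicators and query above can be combined into one check. The following is an added example, not vendor or advisory code: it flags oversized password values and raises severity when a reboot or crash follows one shortly after. The JSON-lines log format, its field names, the event names other than buffer_overflow, the sample addresses and the 120-second window are all assumptions; the 100-character threshold comes from the query above.

```python
import json
from urllib.parse import parse_qs

MAX_PASSWORD_LEN = 100    # threshold from the SIEM query above
CRASH_EVENTS = {"reboot", "crash", "buffer_overflow"}  # assumed event names
CORRELATION_WINDOW = 120  # seconds between request and crash; assumed value

# Constructed sample events; the field names are assumptions, not a vendor format.
SAMPLE_LOG = "\n".join([
    json.dumps({"ts": 1000, "source": "fac1200r", "src_ip": "192.0.2.10",
                "event": "login", "body": "username=admin&password=hunter2"}),
    json.dumps({"ts": 1060, "source": "fac1200r", "src_ip": "198.51.100.7",
                "event": "login", "body": "username=admin&password=" + "A" * 512}),
    json.dumps({"ts": 1075, "source": "fac1200r", "event": "reboot"}),
    "truncated or non-JSON line",
    json.dumps({"ts": 5000, "source": "fac1200r", "event": "reboot"}),
])

def password_length(body):
    """Length of the longest URL-decoded 'password' value in a form body."""
    values = parse_qs(body, keep_blank_values=True).get("password", [])
    return max((len(v) for v in values), default=0)

def detect(log_text, source="fac1200r"):
    """Return alerts for oversized passwords and for crashes that follow them."""
    alerts, last_hit = [], None
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the run
        if not isinstance(ev, dict) or ev.get("source") != source:
            continue
        ts, n = ev.get("ts", 0), password_length(ev.get("body", ""))
        if n > MAX_PASSWORD_LEN:
            last_hit = {"ts": ts, "src_ip": ev.get("src_ip")}
            alerts.append({"severity": "medium", "ts": ts, "src_ip": ev.get("src_ip"),
                           "reason": f"password length {n}"})
        elif ev.get("event") in CRASH_EVENTS:
            near = last_hit is not None and 0 <= ts - last_hit["ts"] <= CORRELATION_WINDOW
            alerts.append({"severity": "high" if near else "low", "ts": ts,
                           "src_ip": last_hit["src_ip"] if near else None,
                           "reason": "crash after oversized password" if near
                                     else "uncorrelated crash or reboot"})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Measuring the decoded length matters because a percent-encoded payload is up to three times longer on the wire than the value the device actually copies.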
