CVE-2025-26412 (GCVE-0-2025-26412)
Vulnerability from cvelistv5
Published
2025-06-11 08:21
Modified
2025-06-18 04:08
Severity ?
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
Summary
The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.
References
551230f0-3615-47bd-b7cc-93e92e730bbfhttps://r.sec-consult.com/simcom
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2025/Jun/17
Impacted products
Vendor Product Version
SIMCom SIM7600G Modem Version: LE20B03SIM7600M21-A
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "PHYSICAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-26412",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-11T13:32:35.942044Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-11T13:33:19.735Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-06-18T04:08:24.730Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2025/Jun/17"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIM7600G Modem",
          "vendor": "SIMCom",
          "versions": [
            {
              "status": "affected",
              "version": "LE20B03SIM7600M21-A"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Constantin Schieber-Kn\u00f6bl, SEC Consult Vulnerability Lab"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Stefan Schweighofer, SEC Consult Vulnerability Lab"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Steffen Robertz, SEC Consult Vulnerability Lab"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands."
            }
          ],
          "value": "The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-36",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-36 Using Unpublished Interfaces or Functionality"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-912",
              "description": "CWE-912 Hidden Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-11T08:21:31.679Z",
        "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "shortName": "SEC-VLab"
      },
      "references": [
        {
          "url": "https://r.sec-consult.com/simcom"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vendor was unresponsive to multiple communication attempts during over one year of responsible disclosure after submitting the technical details to them. It is unknown to SEC Consult whether a patch is available. Customers of SIMCom are urged to reach out to their contact person at SIMCom or distributors to demand a patch which removes the backdoor command.\u003cbr\u003e"
            }
          ],
          "value": "The vendor was unresponsive to multiple communication attempts during over one year of responsible disclosure after submitting the technical details to them. It is unknown to SEC Consult whether a patch is available. Customers of SIMCom are urged to reach out to their contact person at SIMCom or distributors to demand a patch which removes the backdoor command."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Undocumented Root Shell Access in SIMCom SIM7600G Modem",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
    "assignerShortName": "SEC-VLab",
    "cveId": "CVE-2025-26412",
    "datePublished": "2025-06-11T08:21:31.679Z",
    "dateReserved": "2025-02-10T07:48:38.352Z",
    "dateUpdated": "2025-06-18T04:08:24.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-26412\",\"sourceIdentifier\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"published\":\"2025-06-11T09:15:22.067\",\"lastModified\":\"2025-06-18T05:15:48.290\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dem SIMCom SIM7600G admite un comando AT no documentado que permite a un atacante ejecutar comandos del sistema con permisos de root en el m\u00f3dem. Un atacante necesita acceso f\u00edsico o acceso remoto a un dispositivo que interact\u00fae directamente con el m\u00f3dem mediante comandos AT.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-912\"}]}],\"references\":[{\"url\":\"https://r.sec-consult.com/simcom\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"},{\"url\":\"http://seclists.org/fulldisclosure/2025/Jun/17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://seclists.org/fulldisclosure/2025/Jun/17\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-06-18T04:08:24.730Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-26412\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-11T13:32:35.942044Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-11T13:32:58.164Z\"}}], \"cna\": {\"title\": \"Undocumented Root Shell Access in SIMCom SIM7600G Modem\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Constantin Schieber-Kn\\u00f6bl, SEC Consult Vulnerability Lab\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Stefan Schweighofer, SEC Consult Vulnerability Lab\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Steffen Robertz, SEC Consult Vulnerability Lab\"}], \"impacts\": [{\"capecId\": \"CAPEC-36\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-36 Using Unpublished Interfaces or Functionality\"}]}], \"affected\": [{\"vendor\": \"SIMCom\", \"product\": \"SIM7600G Modem\", \"versions\": [{\"status\": \"affected\", \"version\": \"LE20B03SIM7600M21-A\"}], \"defaultStatus\": \"unknown\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The vendor was unresponsive to multiple communication attempts during over one year of responsible disclosure after submitting the technical details to them. It is unknown to SEC Consult whether a patch is available. Customers of SIMCom are urged to reach out to their contact person at SIMCom or distributors to demand a patch which removes the backdoor command.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The vendor was unresponsive to multiple communication attempts during over one year of responsible disclosure after submitting the technical details to them. It is unknown to SEC Consult whether a patch is available. Customers of SIMCom are urged to reach out to their contact person at SIMCom or distributors to demand a patch which removes the backdoor command.\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://r.sec-consult.com/simcom\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-912\", \"description\": \"CWE-912 Hidden Functionality\"}]}], \"providerMetadata\": {\"orgId\": \"551230f0-3615-47bd-b7cc-93e92e730bbf\", \"shortName\": \"SEC-VLab\", \"dateUpdated\": \"2025-06-11T08:21:31.679Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-26412\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-18T04:08:24.730Z\", \"dateReserved\": \"2025-02-10T07:48:38.352Z\", \"assignerOrgId\": \"551230f0-3615-47bd-b7cc-93e92e730bbf\", \"datePublished\": \"2025-06-11T08:21:31.679Z\", \"assignerShortName\": \"SEC-VLab\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.