fkie_cve-2025-26412
Vulnerability from fkie_nvd
Published
2025-06-11 09:15
Modified
2025-06-18 05:15
Severity ?
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.
References
551230f0-3615-47bd-b7cc-93e92e730bbfhttps://r.sec-consult.com/simcom
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2025/Jun/17
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dem SIMCom SIM7600G admite un comando AT no documentado que permite a un atacante ejecutar comandos del sistema con permisos de root en el m\u00f3dem. Un atacante necesita acceso f\u00edsico o acceso remoto a un dispositivo que interact\u00fae directamente con el m\u00f3dem mediante comandos AT."
    }
  ],
  "id": "CVE-2025-26412",
  "lastModified": "2025-06-18T05:15:48.290",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-11T09:15:22.067",
  "references": [
    {
      "source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
      "url": "https://r.sec-consult.com/simcom"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2025/Jun/17"
    }
  ],
  "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-912"
        }
      ],
      "source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.