Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by SIMCom
CVE-2025-26412 (GCVE-0-2025-26412)
Vulnerability from cvelistv5 – Published: 2025-06-11 08:21 – Updated: 2025-06-18 04:08
VLAI
Title
Undocumented Root Shell Access in SIMCom SIM7600G Modem
Summary
The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.
Severity
6.8 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-912 - Hidden Functionality
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SIMCom | SIM7600G Modem |
Affected:
LE20B03SIM7600M21-A
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-26412",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T13:32:35.942044Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T13:33:19.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-06-18T04:08:24.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jun/17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIM7600G Modem",
"vendor": "SIMCom",
"versions": [
{
"status": "affected",
"version": "LE20B03SIM7600M21-A"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Constantin Schieber-Kn\u00f6bl, SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Stefan Schweighofer, SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Steffen Robertz, SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands."
}
],
"value": "The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands."
}
],
"impacts": [
{
"capecId": "CAPEC-36",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-36 Using Unpublished Interfaces or Functionality"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "CWE-912 Hidden Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T08:21:31.679Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"url": "https://r.sec-consult.com/simcom"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vendor was unresponsive to multiple communication attempts during over one year of responsible disclosure after submitting the technical details to them. It is unknown to SEC Consult whether a patch is available. Customers of SIMCom are urged to reach out to their contact person at SIMCom or distributors to demand a patch which removes the backdoor command.\u003cbr\u003e"
}
],
"value": "The vendor was unresponsive to multiple communication attempts during over one year of responsible disclosure after submitting the technical details to them. It is unknown to SEC Consult whether a patch is available. Customers of SIMCom are urged to reach out to their contact person at SIMCom or distributors to demand a patch which removes the backdoor command."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Undocumented Root Shell Access in SIMCom SIM7600G Modem",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2025-26412",
"datePublished": "2025-06-11T08:21:31.679Z",
"dateReserved": "2025-02-10T07:48:38.352Z",
"dateUpdated": "2025-06-18T04:08:24.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}