{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-26412", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "state": "PUBLISHED", "assignerShortName": "SEC-VLab", "dateReserved": "2025-02-10T07:48:38.352Z", "datePublished": "2025-06-11T08:21:31.679Z", "dateUpdated": "2025-06-18T04:08:24.730Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "SIM7600G Modem", "vendor": "SIMCom", "versions": [{"status": "affected", "version": "LE20B03SIM7600M21-A"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Constantin Schieber-Kn\u00f6bl, SEC Consult Vulnerability Lab"}, {"lang": "en", "type": "finder", "value": "Stefan Schweighofer, SEC Consult Vulnerability Lab"}, {"lang": "en", "type": "finder", "value": "Steffen Robertz, SEC Consult Vulnerability Lab"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands."}], "value": "The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands."}], "impacts": [{"capecId": "CAPEC-36", "descriptions": [{"lang": "en", "value": "CAPEC-36 Using Unpublished Interfaces or Functionality"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-912", "description": "CWE-912 Hidden Functionality", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2025-06-11T08:21:31.679Z"}, "references": [{"url": "https://r.sec-consult.com/simcom"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The vendor was unresponsive to multiple communication attempts during over one year of responsible disclosure after submitting the technical details to them. It is unknown to SEC Consult whether a patch is available. Customers of SIMCom are urged to reach out to their contact person at SIMCom or distributors to demand a patch which removes the backdoor command.<br>"}], "value": "The vendor was unresponsive to multiple communication attempts during over one year of responsible disclosure after submitting the technical details to them. It is unknown to SEC Consult whether a patch is available. Customers of SIMCom are urged to reach out to their contact person at SIMCom or distributors to demand a patch which removes the backdoor command."}], "source": {"discovery": "EXTERNAL"}, "title": "Undocumented Root Shell Access in SIMCom SIM7600G Modem", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-06-11T13:32:35.942044Z", "id": "CVE-2025-26412", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:33:19.735Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Jun/17"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-06-18T04:08:24.730Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Jun/17"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-06-18T04:08:24.730Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-26412", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-11T13:32:35.942044Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:32:58.164Z"}}], "cna": {"title": "Undocumented Root Shell Access in SIMCom SIM7600G Modem", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Constantin Schieber-Kn\u00f6bl, SEC Consult Vulnerability Lab"}, {"lang": "en", "type": "finder", "value": "Stefan Schweighofer, SEC Consult Vulnerability Lab"}, {"lang": "en", "type": "finder", "value": "Steffen Robertz, SEC Consult Vulnerability Lab"}], "impacts": [{"capecId": "CAPEC-36", "descriptions": [{"lang": "en", "value": "CAPEC-36 Using Unpublished Interfaces or Functionality"}]}], "affected": [{"vendor": "SIMCom", "product": "SIM7600G Modem", "versions": [{"status": "affected", "version": "LE20B03SIM7600M21-A"}], "defaultStatus": "unknown"}], "solutions": [{"lang": "en", "value": "The vendor was unresponsive to multiple communication attempts during over one year of responsible disclosure after submitting the technical details to them. It is unknown to SEC Consult whether a patch is available. Customers of SIMCom are urged to reach out to their contact person at SIMCom or distributors to demand a patch which removes the backdoor command.", "supportingMedia": [{"type": "text/html", "value": "The vendor was unresponsive to multiple communication attempts during over one year of responsible disclosure after submitting the technical details to them. It is unknown to SEC Consult whether a patch is available. Customers of SIMCom are urged to reach out to their contact person at SIMCom or distributors to demand a patch which removes the backdoor command.<br>", "base64": false}]}], "references": [{"url": "https://r.sec-consult.com/simcom"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.", "supportingMedia": [{"type": "text/html", "value": "The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-912", "description": "CWE-912 Hidden Functionality"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2025-06-11T08:21:31.679Z"}}}, "cveMetadata": {"cveId": "CVE-2025-26412", "state": "PUBLISHED", "dateUpdated": "2025-06-18T04:08:24.730Z", "dateReserved": "2025-02-10T07:48:38.352Z", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "datePublished": "2025-06-11T08:21:31.679Z", "assignerShortName": "SEC-VLab"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands."}, {"lang": "es", "value": "El m\u00f3dem SIMCom SIM7600G admite un comando AT no documentado que permite a un atacante ejecutar comandos del sistema con permisos de root en el m\u00f3dem. Un atacante necesita acceso f\u00edsico o acceso remoto a un dispositivo que interact\u00fae directamente con el m\u00f3dem mediante comandos AT."}], "id": "CVE-2025-26412", "lastModified": "2025-06-18T05:15:48.290", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-06-11T09:15:22.067", "references": [{"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "url": "https://r.sec-consult.com/simcom"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Jun/17"}], "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-912"}], "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "type": "Secondary"}]}

{}