CVE-2025-26412

MEDIUM

SIMCom SIM7600G - RCE

Title source: llm

Description

The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.

References (2)

[Various Sources] https://r.sec-consult.com/simcom

[Mailing List] http://seclists.org/fulldisclosure/2025/Jun/17

Scores

CVSS v3 6.8

EPSS 0.0013

EPSS Percentile 31.6%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-912

Status published

Products (1)

SIMCom/SIM7600G Modem LE20B03SIM7600M21-A

Published Jun 11, 2025

Tracked Since Feb 18, 2026