CVE-2025-26412

MEDIUM

SIMCom SIM7600G - RCE

Title source: llm

Description

The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.

References (2)

[Various Sources] https://r.sec-consult.com/simcom

[Mailing List] http://seclists.org/fulldisclosure/2025/Jun/17

Scores

CVSS v3 6.8

EPSS 0.0004

EPSS Percentile 13.3%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-912

Status draft

Timeline

Published Jun 11, 2025

Tracked Since Feb 18, 2026