CVE-2025-26412
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-11

Last updated on: 2025-06-18

Assigner: SEC Consult Vulnerability Lab

Description
The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-11
Last Modified
2025-06-18
Generated
2026-05-07
AI Q&A
2025-06-11
EPSS Evaluated
2026-05-05
NVD
CVE-2025-26412
EUVD
EUVD-2025-18087
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-912 The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability involves the SIMCom SIM7600G modem supporting an undocumented AT command that allows an attacker to execute system commands with root permissions on the modem. To exploit this, an attacker must have either physical access to the device or remote shell access to a device that communicates directly with the modem using AT commands.


How can this vulnerability impact me? :

This vulnerability can allow an attacker with physical or remote shell access to execute commands with root privileges on the modem, potentially leading to full control over the modem's system. This could result in unauthorized actions, data compromise, or disruption of device functionality.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart