Remote Command Execution in SIMCom SIM7600G Modem
CVE-2025-26412
6.8 MEDIUM
What is CVE-2025-26412?
The SIMCom SIM7600G modem contains a vulnerability that lets an attacker execute system commands with root privileges through an undocumented AT command. Exploitation requires either physical access to the device or remote shell access to a device that is configured to communicate with the modem via AT commands. To mitigate the risk, restrict physical access to the device and shell access to any system that can send AT commands to the modem.
Affected Version(s)
SIM7600G Modem, version LE20B03SIM7600M21-A
CVSS V3.1
Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Constantin Schieber-Knöbl, SEC Consult Vulnerability Lab
Stefan Schweighofer, SEC Consult Vulnerability Lab
Steffen Robertz, SEC Consult Vulnerability Lab