CVE-2025-26412

CVE-2025-26412: Undocumented Root Shell Access in SIMCom SIM7600G Modem

Vendor Simcom
Product SIM7600G Modem
Weakness CWE-912
Published June 11, 2025
Last update June 18, 2025

CVSS base score

What the vulnerability does

01Description

The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.

Key dates

02Disclosure timeline

June 11, 2025 CVE published
June 18, 2025 Record updated