CVE-2025-26412

{"id": "CVE-2025-26412", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2025-06-11T09:15:22.067", "references": [{"url": "https://r.sec-consult.com/simcom", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}, {"url": "http://seclists.org/fulldisclosure/2025/Jun/17", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "description": [{"lang": "en", "value": "CWE-912"}]}], "descriptions": [{"lang": "en", "value": "The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands."}, {"lang": "es", "value": "El m\u00f3dem SIMCom SIM7600G admite un comando AT no documentado que permite a un atacante ejecutar comandos del sistema con permisos de root en el m\u00f3dem. Un atacante necesita acceso f\u00edsico o acceso remoto a un dispositivo que interact\u00fae directamente con el m\u00f3dem mediante comandos AT."}], "lastModified": "2025-06-18T05:15:48.290", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf"}