Vulnerability in Simcom Sim7600g Modem
CVE-2025-26412
The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interact…
EPSS: 0.003 (17.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Simcom Sim7600g Modem — versions LE20B03SIM7600M21-A
Weakness classification (CWE)
Public proof-of-concept exploits
References
Frequently asked questions
- What is CVE-2025-26412?
- CVE-2025-26412 is a medium-severity vulnerability in Simcom Sim7600g Modem, classified under Hidden Functionality. CVSS score: 6.8/10. Published 2025-06-11.
- How severe is CVE-2025-26412?
- Medium severity. CVSS v3 base score is 6.8 out of 10.
- Is CVE-2025-26412 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.