Key vulnerability information

Vulnerability title
Undocumented Root Shell Access on SIMCom Modem

Product and version
Product: SIM7600G Modem
Vulnerable Version: Firmware Revision: LE910C8SIM7620E11 A
Fixed Version: Not specified

CVE number and impact
CVE Number: CVE-2025-26412
Impact: Medium

Discovery date
Found: 20.11.2023

Vulnerability overview
Description: The SIMCom SIM7600G modem supports an undocumented AT command, which allows local physical attackers to execute system commands with root permissions on the modem.

Proof of concept (PoC)
The AT+CSHELL command can be used to execute system commands on the SIM7600G modem over a physically connected serial port.

Affected/tested versions
Firmware Revision: LE910C8SIM7620E11 A

Solution
Solution: The vendor was unresponsive to multiple communication attempts during over one year of responsible disclosure after we submitted our advisory to them.
Workaround: It is unknown whether a patch is available. Customers of SIMCom are urged to reach out to their contact person at SIMCom or their distributors to demand a patch which removes the backdoor command.

Vendor contact timeline
Multiple attempts were made to contact the vendor, but no response was received.
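Since no fixed firmware is known, one check a defender can run is an audit of host-side AT traffic logs for the command named above. The following is an added example, not part of the advisory: it assumes such a log exists as one command line per entry, the sample lines are constructed, and "<args-not-shown>" is a placeholder because the advisory gives no argument syntax.

```python
import re

# Command named in the advisory; add other commands your deployment forbids.
BLOCKED = {"+CSHELL"}

# Extended AT command name: a prefix character followed by letters/digits.
NAME = re.compile(r"[+&^$#*%][A-Z][A-Z0-9]*")

def commands_in_line(line):
    """Return the extended command names found in one AT command line.

    AT command lines are case-insensitive, ignore spaces, and may chain
    several commands after a single "AT" prefix using ';'.
    """
    text = line.strip().upper().replace(" ", "")
    if not text.startswith("AT"):
        return []  # modem responses and unsolicited codes are not commands
    names = []
    # Splitting on ';' also splits quoted arguments, which for an audit
    # can only add false positives. search() skips any basic commands
    # (for example E0) placed directly in front of an extended command.
    for part in text[2:].split(";"):
        match = NAME.search(part)
        if match:
            names.append(match.group(0))
    return names

def find_blocked(lines):
    """Return (line_number, command) for every blocked command in the log."""
    hits = []
    for number, line in enumerate(lines, start=1):
        hits.extend((number, n) for n in commands_in_line(line) if n in BLOCKED)
    return hits

# Constructed sample log, not captured from a real device.
SAMPLE_LOG = [
    "ATI",
    "AT+CSQ",
    "at+cshell<args-not-shown>",
    "AT+CPIN?;+CSHELL<args-not-shown>",
    "AT +CGMR",
    "+CSQ: 21,99",
]

if __name__ == "__main__":
    for number, name in find_blocked(SAMPLE_LOG):
        print(f"line {number}: blocked command {name}")
```
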