SIMCom SIM7600G Modem Undocumented Root Shell Access Vulnerability

A vulnerability exists in the SIMCom SIM7600G modem, specifically in the firmware revision LE20B03SIM7600M21-A. The modem supports an undocumented AT command that allows an attacker to execute system commands with root privileges. Exploitation requires either physical access to the modem or remote shell access to a device that sends AT commands to the modem.

Impact

Exploitation of this vulnerability provides unauthorized root access on the affected modem, allowing for unrestricted execution of system commands.

Reproduction

The vulnerability can be reproduced by sending the undocumented AT command 'AT+CSHELL' through a tool like 'mmcli', which communicates with the modem. This command can be used to execute system commands on the modem with root privileges. For example, executing 'AT+CSHELL="id"' would return the user ID and group ID, confirming root access.

Remediation

As of now, there is no known patch for this vulnerability. Users are advised to contact their SIMCom representative or distributor to request a patch that removes the backdoor command.