CVE-2025-26412

The SIMCom SIM7600G modem supports an undocumented AT command that allows an attacker to execute system commands with root privileges on the modem. To exploit this, an attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.

Credits

Constantin Schieber-Knöbl, SEC Consult Vulnerability Lab
Stefan Schweighofer, SEC Consult Vulnerability Lab
Steffen Robertz, SEC Consult Vulnerability Lab

References