The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.
The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product’s users or administrators.