PT-2021-19476 · Quectel · Quectel Eg25-G

Nns

Published

2021-08-12

Updated

2022-05-03

CVE-2021-31698

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Quectel EG25-G devices through 202006130814

Description The issue allows for remote execution of arbitrary code by using an AT command to place shell metacharacters in quectel handle fumo cfg input in atfwd daemon. This can lead to code execution as root via AT commands on the Quectel EG25-G modem.

Recommendations For Quectel EG25-G devices through 202006130814, consider disabling the atfwd daemon or restricting the use of AT commands until a patch is available. Avoid using the quectel handle fumo cfg input in the affected daemon to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-31698

Affected Products

Quectel Eg25-G

PT-2021-19476 · Quectel · Quectel Eg25-G

CVE-2021-31698

Weakness Enumeration

Related Identifiers

Affected Products

References · 6