PINE64   ›   PinePhone   ›   PinePhone Hardware   ›   CVE-2021-31698 - Quectel Eg25-g AT Command Injection

CVE-2021-31698 - Quectel Eg25-g AT Command Injection
jtn0514
Pine Initiate
**
Joined: Sep 2021
Posts: 5

Reputation: 0
#1
09-20-2021, 08:49 PM (This post was last modified: 09-20-2021, 08:56 PM by jtn0514.)
https://cve.mitre.org/cgi-bin/cvename.cg...2021-31698
https://nns.ee/blog/2021/04/03/modem-rce.html

Curious how to know if the chipset in your device is vulnerable at this point. CVE States the following "Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon."

This is pretty bad news if this is the case and it hasnt been adressed or patched somehow with a firmware update. Would love to see some further input on this if anyone has any more info on how to patch against this?
  Reply


Messages In This Thread
CVE-2021-31698 - Quectel Eg25-g AT Command Injection - by jtn0514 - 09-20-2021, 08:49 PM

Possibly Related Threads…
Thread Author Replies Views Last Post
  firmware udate Quectel EG25-G modem alwi 7 5,583 07-06-2022, 01:43 PM
Last Post: user641
  Need command to tell what modem firmware I am on. purpletiger 4 2,980 07-06-2022, 12:35 PM
Last Post: Zebulon Walton
  Quectel T-Mobile Certification and MMS manuals mouffa 2 2,992 08-08-2021, 04:28 AM
Last Post: mouffa
  Quectel EG25-G H/W interface - Operating Modes - eg25-manager mouffa 0 1,983 06-23-2021, 06:57 AM
Last Post: mouffa
  Quectel EG25-G GNSS Configuration and location tracking mouffa 2 5,895 06-07-2021, 04:24 AM
Last Post: mouffa
  Quectel EG25-G Modem Configuration - ofono - Manjaro Plasma mouffa 5 4,655 06-02-2021, 11:38 AM
Last Post: mouffa
  EG25-G support for emergency alerts (WEA/CMAS) newton688 5 6,856 07-01-2020, 11:35 AM
Last Post: wibble
  Heat build-up: EG25 or SOC? CloudHackIX 5 6,212 02-24-2020, 08:52 PM
Last Post: CloudHackIX

Forum Jump:


Users browsing this thread: 1 Guest(s)