Pre-Auth RCE, Arbitrary SMS & Adjacent Attacks on 5G and 4G/LTE Routers

Name: Pre-Auth RCE, Arbitrary SMS & Adjacent Attacks on 5G and 4G/LTE Routers
Description: Edward Warren, a senior cybersecurity analyst who conducted this research while working at a security operations center, presents a series of vulnerabilities in Tuoshi and Cufi branded 5G and 4G/LTE m

Edward Warren

DEF CON 33 · Day 2 · Main Stage

Edward Warren, a senior cybersecurity analyst who conducted this research while working at a security operations center, presents a series of vulnerabilities in Tuoshi and Cufi branded 5G and 4G/LTE m

AI review

Pre-auth RCE and arbitrary SMS injection in Tuoshi/Cufi 5G/4G LTE routers. Classic embedded IoT vulns — command injection via unsanitized web API, AT command injection via SMS endpoint — with practical SMS spoofing implications. Good methodological template for this device class.

Watch on YouTube