DEFCON-33
Hacking Hotspots: Pre-Auth Remote Code Execution, Arbitrary SMS & Adjacent Attacks on 5G & 4G/LTE Routers
98
17
98
public
Overview
Materials and references for my DEF CON 33 talk on exploiting vulnerabilities in Tuoshi and Kuwfi 5G & LTE Routers.
Covers CVE discoveries, exploitation demos, and lessons learned from vendor analysis.
Agenda
- Whoami
- Related Work
- Tuoshi Devices
- Kuwfi Devices
- Conclusions
Highlights
-
Previous Talk: DEF CON 27 – Reverse Engineering 4G Hotspots
-
References:
Devices
Tuoshi (Dionlink): NR500-EA, LT15D, LT21B
Kuwfi: GC111, AC900, CPF908, 5G01-X55
v0.3.1[beta]
v0.3.1[beta]