An open source cellular modem firmware is long overdue, but there's no government on Earth that would be keen on allowing it to happen, the best we have is 2G/3G stuff that has been illegally leaked and reverse engineered.

A lot of dragons lurking in the dark there.

The network side is already covered by OpenBTS and srsRAN - I believe the latter is already including 5G.

Wonder what's blocking the client side. Power efficiency? No target market since cheap LTE sticks can be had for under 20€ apiece?

The modem firmwares might be old and hairy, but is there any evidence that they have been used to actually compromise phones? All of the investigations that I can recall reading have been exploits in the phone OS application code.