Urgent Update to Repair the Critical PPP Daemon Flaw in GL.iNet OpenWrt Routers

The vulnerability is tracked as CVE-2020–8597.

According to Hacker News, a critical PPP daemon flaw can open most Linux systems to remote hackers. Users with affected operating systems and devices are advised to apply security patches as soon as possible, or when it becomes available.

Currently, we patched the flaw via updating the related plug-ins for these GL.iNet routers:

  • GL-AR750S (Slate)
  • GL-AR750/GL-AR750-PoE (Creta)
  • GL-AR300M/GL-AR300M-Ext/GL-AR300M16/GL-AR300M16-Ext/GL-AR300M-Lite (Shadow)
  • GL-AR150/GL-AR150-Ext/GL-AR150-PoE/GL-AR150-PoE-Ext (White)
  • GL-MiFi
  • GL-X750 (Spitz)
  • GL-E750 (Mudi)
  • GL-MT300N-V2 (Mango)
  • GL-B1300 (Convexa-B)
  • GL-S1300 (Convexa-S)
  • GL-MV1000 (Brume)
  • GL-X1200 (Amarok)
  • GL-USB150 (Microuter)
  • Microuter N300 / Vixmini

Check the bottom label of your router to make sure the module name. You can get your router patched by following the steps as below,

A) Update Plug-in library in our web Admin Panel

Update Plug-in library

B) Uninstall the old plug-in called “ppp” and “ppp-mod-pppoe” with version 2.4.7–12

Uninstall the plug-in ppp

C) Install the plug-in called “ppp” and “ppp-mod-pppoe” with new version 2.4.7–13

Install the plug-in ppp

The vulnerability, tracked as CVE-2020–8597 with CVSS Score 9.8, can be exploited by unauthenticated attackers to remotely execute arbitrary code on affected systems and take full control over them. We urge you to follow above steps to patch the flaw as soon as possible. For more information, you can email to support@glinet.biz or post on our forum.

About GL.iNet

GL.iNet builds network hardware and software solutions that bring affordable and secure network connectivity to families and businesses all over the world. We work with a wide range of industries, solving everyday internet problems in offices, and providing complex networking solutions such as smart buildings and IoT fleet management. At GL.iNet, We believe all successful businesses build upon a strong and secure foundation, which is why our highest priority is perfecting network security and reliability for our partners.