Urgent Update to Repair the Critical PPP Daemon Flaw in GL.iNet OpenWrt Routers
The vulnerability is tracked as CVE-2020–8597.
According to Hacker News, a critical PPP daemon flaw can open most Linux systems to remote hackers. Users with affected operating systems and devices are advised to apply security patches as soon as possible, or when it becomes available.
Currently, we patched the flaw via updating the related plug-ins for these GL.iNet routers:
- GL-AR750S (Slate)
- GL-AR750/GL-AR750-PoE (Creta)
- GL-AR300M/GL-AR300M-Ext/GL-AR300M16/GL-AR300M16-Ext/GL-AR300M-Lite (Shadow)
- GL-AR150/GL-AR150-Ext/GL-AR150-PoE/GL-AR150-PoE-Ext (White)
- GL-X750 (Spitz)
- GL-E750 (Mudi)
- GL-MT300N-V2 (Mango)
- GL-B1300 (Convexa-B)
- GL-S1300 (Convexa-S)
- GL-MV1000 (Brume)
- GL-X1200 (Amarok)
- GL-USB150 (Microuter)
- Microuter N300 / Vixmini
Check the bottom label of your router to make sure the module name. You can get your router patched by following the steps as below,
A) Update Plug-in library in our web Admin Panel
B) Uninstall the old plug-in called “ppp” and “ppp-mod-pppoe” with version 2.4.7–12
C) Install the plug-in called “ppp” and “ppp-mod-pppoe” with new version 2.4.7–13
The vulnerability, tracked as CVE-2020–8597 with CVSS Score 9.8, can be exploited by unauthenticated attackers to remotely execute arbitrary code on affected systems and take full control over them. We urge you to follow above steps to patch the flaw as soon as possible. For more information, you can email to firstname.lastname@example.org or post on our forum.
GL.iNet builds network hardware and software solutions that bring affordable and secure network connectivity to families and businesses all over the world. We work with a wide range of industries, solving everyday internet problems in offices, and providing complex networking solutions such as smart buildings and IoT Networks. At GL.iNet, We believe all successful businesses build upon a strong and secure foundation, which is why our highest priority is perfecting network security and reliability for our partners.