Urgent update to repair the critical PPP daemon flaw in GL.iNet OpenWrt routers
The vulnerability is tracked as CVE-2020-8597.
According to Hacker News, a critical PPP daemon flaw can open most Linux systems to remote hackers. Users with affected operating systems and devices are advised to apply security patches as soon as possible, or as soon as they become available.
So far, we have patched the flaw by updating the related plug-ins for the following GL.iNet routers:
- GL-AR750S (Slate)
- GL-AR750/GL-AR750-PoE (Creta)
- GL-AR300M/GL-AR300M-Ext/GL-AR300M16/GL-AR300M16-Ext/GL-AR300M-Lite (Shadow)
- GL-AR150/GL-AR150-Ext/GL-AR150-PoE/GL-AR150-PoE-Ext (White)
- GL-X750 (Spitz)
- GL-E750 (Mudi)
- GL-MT300N-V2 (Mango)
- GL-B1300 (Convexa-B)
- GL-S1300 (Convexa-S)
- GL-MV1000 (Brume)
- GL-X1200 (Amarok)
- GL-USB150 (Microuter)
- Microuter N300 / Vixmini
Check the bottom label of your router to confirm the model name. You can patch your router by following the steps below:
A) Update Plug-in library in our web Admin Panel
B) Uninstall the old plug-ins called “ppp” and “ppp-mod-pppoe” with version 2.4.7-12
C) Install the plug-ins called “ppp” and “ppp-mod-pppoe” with the new version 2.4.7-13
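To confirm the result of steps A to C from an SSH shell on the router, the check below compares the installed “ppp” and “ppp-mod-pppoe” versions against 2.4.7-13. It is an added example, not GL.iNet's own tooling; it assumes shell access and OpenWrt's `opkg` package manager, and the function names `ver_lt` and `ppp_patch_status` are made up for illustration.

```shell
#!/bin/sh
# Added example (not GL.iNet code). FIXED and PKGS come from the advisory.
FIXED="2.4.7-13"
PKGS="ppp ppp-mod-pppoe"

# ver_lt A B: succeeds when version A is older than version B.
# Compares the numeric fields split on '.' and '-' (enough for 2.4.7-NN).
ver_lt() {
    a=$(printf '%s\n' "$1" | tr '.-' '  ')
    b=$(printf '%s\n' "$2" | tr '.-' '  ')
    set -- $a
    for y in $b; do
        x=${1:-0}
        [ $# -gt 0 ] && shift
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# ppp_patch_status: reads "name - version" lines (opkg list-installed format)
# on stdin. Returns 0 if every listed PPP package is at FIXED or newer,
# 1 if any is older, 2 if neither package is installed.
ppp_patch_status() {
    rc=2
    while read -r name dash ver rest; do
        for p in $PKGS; do
            [ "$name" = "$p" ] || continue
            if ver_lt "$ver" "$FIXED"; then
                echo "VULNERABLE: $name $ver (needs $FIXED)"
                rc=1
            else
                echo "ok: $name $ver"
                [ "$rc" -eq 1 ] || rc=0
            fi
        done
    done
    return "$rc"
}

if command -v opkg >/dev/null 2>&1; then
    opkg list-installed | ppp_patch_status
else
    # No opkg here: dry run on constructed sample lines (one package updated).
    printf '%s\n' 'ppp - 2.4.7-13' 'ppp-mod-pppoe - 2.4.7-12' |
        ppp_patch_status || echo "exit status $?: update still needed"
fi
```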
The vulnerability, tracked as CVE-2020-8597 with a CVSS score of 9.8, can be exploited by unauthenticated attackers to remotely execute arbitrary code on affected systems and take full control over them. We urge you to follow the steps above to patch the flaw as soon as possible. For more information, you can email firstname.lastname@example.org or post on our forum.