Urgent Update to Repair the Critical PPP Daemon Flaw in GL.iNet OpenWrt Routers

The vulnerability is tracked as CVE-2020–8597.

According to Hacker News, a critical PPP daemon flaw can open most Linux systems to remote hackers. Users with affected operating systems and devices are advised to apply security patches as soon as possible, or when it becomes available.

Currently, we patched the flaw via updating the related plug-ins for these GL.iNet routers:

• GL-AR750S (Slate)
• GL-AR750/GL-AR750-PoE (Creta)
• GL-AR300M/GL-AR300M-Ext/GL-AR300M16/GL-AR300M16-Ext/GL-AR300M-Lite (Shadow)
• GL-AR150/GL-AR150-Ext/GL-AR150-PoE/GL-AR150-PoE-Ext (White)
• GL-MiFi
• GL-X750 (Spitz)
• GL-E750 (Mudi)
• GL-MT300N-V2 (Mango)
• GL-B1300 (Convexa-B)
• GL-S1300 (Convexa-S)
• GL-MV1000 (Brume)
• GL-X1200 (Amarok)
• GL-USB150 (Microuter)
• Microuter N300 / Vixmini

Check the bottom label of your router to make sure the module name. You can get your router patched by following the steps as below,

A) Update Plug-in library in our web Admin Panel

B) Uninstall the old plug-in called “ppp” and “ppp-mod-pppoe” with version 2.4.7–12

C) Install the plug-in called “ppp” and “ppp-mod-pppoe” with new version 2.4.7–13

The vulnerability, tracked as CVE-2020–8597 with CVSS Score 9.8, can be exploited by unauthenticated attackers to remotely execute arbitrary code on affected systems and take full control over them. We urge you to follow above steps to patch the flaw as soon as possible. For more information, you can email to support@glinet.biz or post on our forum.