But after deletion there are no updated versions of “ppp” and “ppp-mod-pppoe” available.
Only the old insecure versions.
The “Update all plugins”-button does not change this, neither does a reboot of the router.
(screenshots from Brume-Admin-Interface, using v.3.102):
So: Where do we get the updated Plugin-Versions of ppp and ppp-mod-pppoe?
After further investigation (could update slate and ar-750 to updated secure plugins wit no problem, both using standard “release” Firmware) I noticed:
This issue relates to this one mentioned here:
Basically: For gl.iNet mv-1000/Brume, there is no updated/secure list of plugins?
Can you please confirm & give an option to update those plugins?
I thought the problem concerned the pre-release"testing" firmware of mv-1000/Brume.
So I reinstalled the official “release”-Firmware … but even then: The Plugins-list does not reflect the secure versions necessary (2.4.7-13)
You should know that the ppp daemon is only used if you connect to an ISP and use something like PPPoE directly on the router via for example a DSL line. If you are using a gateway at home from your ISP, that one is already configured and your GL router will not use the ppp daemon at all.
So this vulnerability does not affect most people. You can completely remove the ppp package and you will notice the router still works fine.