Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

chromebook · 2020-03-26T06:58:55.183Z

The Hacker News

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

A new critical remote code execution vulnerability affects millions of OpenWrt based network devices.

Any word on gl.inet devices’ vulnerability to these exploits?

Johnex · 2020-03-26T16:02:31.097Z

It has been commented on here:

OpenWrt CVE-2020-7982 update for GL-S1300? Technical Support for Routers

concerning this topic, is it possible for your team to have a separate firmware for the QSDK B1300/S1300 guys to have updated Openwrt with GL.iNet GUI, understanding that we would lose wifi performance.

Slate · 2020-03-28T17:32:08.132Z

Perhaps refer to this link : Urgent update to repair the critical PPP daemon flaw in GL.iNet OpenWrt routers | by GL.iNet | GL.iNet: Wi-Fi for Things | Medium

chromebook · 2020-04-02T12:30:18.622Z

Thanks for that info - surprised it did not show up here though. Should I be subscribed anywhere specific to catch these security issues?

Johnex · 2020-04-02T13:25:00.977Z

GL pushed an email about it a few days ago actually. I don’t know how to get added to the mailing list for that. @alzhao

chromebook · 2020-04-02T13:38:41.399Z

Oh right thanks… I actually gave a fake email for this forum (…as is tradition…) but for goodcloud.xyz I did give a real one and did not receive anything yet.

alzhao · 2020-04-03T10:23:45.906Z

Johnex:

on’t know how to get added to the mailing list for that

To subscribe to email list, go here

gl-inet.com

Contact Us

Subscribe to our newsletter and keep in touch!

chromebook · 2020-04-04T09:03:30.664Z

think I’ll just set alerts to the blog rather than subscribe to a mailing list …

surab · 2020-04-04T21:50:54.655Z

Hey, I have related to this one or two questions they are:

Why are “old” devices, which you still sell anyways, still have vulnerabilities to this attack?
Why is this popping up here 4 months after it was discovered by the openwrt team?
Why are using even relatively new the last vulnerable version of openwrt? (19.01.1 should be the first one without it, it’s still on the last released 18 OpenWrt version, but with a newer kernel version?)
Why are these signature checks still the go-to method and not just luci-ssl? I installed it via package manager and it bricks your whole admin-cp. Even if I try it without that, https is basically not working from your end which is itself a man-in-the-middle attack vulnerability.

I use basically “behind” the ISP only the devices of you guys and that’s a shitty situation.

//edit, above are factually wrong statements of me, but I’m anyways curious about why

Oh, I read an article which states that if you use a safe DNS Server, which you clearly strongly urge and made very easy you are fine, in many packages are even on the really old lede builds anti china DNS packages installed. Okay, you guys should communicate that, everything else put you in a bad light unnecessarily. I even thought already of not buying anymore of your Routers because if I have to use SSL to be safe this does only work basically if I change the packages and destroy the admin panel of you guys or learn how to use your dominos kit…

Everyone should be and were basically fine for a long time, although now that there’s focus on this, please release a version which works with SSL only, both local and on luci.

My Routers (well obviously you won’t do this for just me, but I think they’re the most sold also)

Summary

GL AR300M,
GL AR750,
GL MT300A
GL-MT 300N-V2
GL Creta

Yes, I could install just the latest openwrt but since that would break your admin UI which is the reason why I buy at you guys, that’s unfortunate.

Exploits not for everyone

These code-execution exploits are limited in their scope because adversaries must either be in a place to conduct a [man-in-the-middle attack]( or tamper with the DNS server that a device uses to find the update on the Internet. That means routers on a network that has no malicious users and using a legitimate DNS server are safe from attack. Vranken also speculates that packet spoofing or ARP cache poisoning may also make attacks possible, but he cautions that he didn’t test either method.