Does this affect GLI routers? [VPN Vulnerability]

Just wondering if this also affects GL routers and if there are patches planned?

" The researchers disclosed the security flaw they detected, tracked as CVE-2019-14899, to Linux distro makers, the Linux kernel security team and to others that are impacted including systemd, Google, Apple, OpenVPN and WireGuard.

As of now, the vulnerability is known to impact most Linux distributions as well as Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS and Android."

More details - VPN connections could be hacked due to Linux security flaw | TechRadar

Interesting… assumes that one would have access to the AP, so one has to break into this first… unless of course, one is doing fun things with pineapple kind of stuff.

Let’s see what pops up in upstream OpenWRT-Master first…

There are 3 steps to this attack:

  1. Determining the VPN client’s virtual IP address
  2. Using the virtual IP address to make inferences about active
  3. Using the encrypted replies to unsolicited packets to determine the
    sequence and acknowledgment numbers of the active connection to hijack
    the TCP session

There are 4 components to the reproduction:

  1. The Victim Device (connected to AP, 192.168.12.x,
  2. AP (controlled by attacker,
  3. VPN Server (not controlled by attacker,
  4. A Web Server (not controlled by the attacker, public IP in a real-
    world scenario)

Reference oss-sec: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections.