Enhance your router's security by updating to the latest firmware

millief · May 2, 2024, 9:58am

To all GL.iNet users,

We’ve recently released new firmware versions for specific GL.iNet routers to address some critical security vulnerabilities we’ve found in them. This update includes fixes for CVE-2023-46454, CVE-2023-46455, CVE-2023-46456, CVE-2023-47463, CVE-2023-47464, CVE-2023-50919, CVE-2023-50920, CVE-2023-50921, CVE-2023-50922, CVE-2023-50445, and CVE-2024-27356.

For more detailed information, please read the security advisories on this page.

To ensure the optimal security for your router, you are advised to upgrade your router to the latest firmware if you’re affected. If you want to learn more about the latest firmware version (including the OpenWrt version) available for your router and your router’s support status, visit the Firmware Status Update page.

For any questions, please send us an email at support@glinet.biz at any time.

Best regards,
GL.iNet

eric · May 2, 2024, 8:35pm

Your list of CVEs is missing the still supported microuter-N300. Can you please let us know if any of these CVEs effects this model.

millief · May 3, 2024, 2:02am

Hi eric, thank you for your question! These security vulnerabilities affected particular router models running firmware v4.x. microuter-N300 runs on firmware v3.x, which was not affected.

eric · May 3, 2024, 2:39am

Interesting. Per the Security Advisories Chart at Security Advisories (Vulnerabilities and CVEs) April 29 2024 - GL.iNet

It shows:

GL-XE300 Puli V3.217 and earlier Needs upgraded to: V4.3.16
GL-X750 Spitz V3.217 and earlier Needs upgraded to: V4.3.11
GL-SFT1200 Opal V3.217 and earlier Needs upgraded to: V4.3.11

So why do these 3 routers running V3.x code need upgraded to 4.x to fix security issues and the microuter-N300 does not need a 4.x upgrade for SECURITY ISSUES. Are there no open CVEs in the currently available firmware for the microuter-N300

alzhao · May 3, 2024, 4:26am

Sorry the most severe ones, including the following
CVE-2023-50919 Critical
CVE-2023-50920
CVE-2023-50921
CVE-2024-27356

only affect firmware 4.x.

We will update the advisories.

Clay · May 3, 2024, 9:56pm

I think this might have erased all my static IP assignments. And now my Echo cant control or rediscover my wifi switches. Not to sound accusatory, the updates are necessary for sure, and I can deal with redoing the static IPs no big deal but I’m trying to figure out why the Echo can’t find my switches. One theory I have might be Upnp related according to this article
Any help would be appreciated

hecatae · May 3, 2024, 11:13pm

Doesn’t exist

https://dl.gl-inet.com/router/sft1200/

Anon · July 4, 2024, 1:49am

So after logging in to my Puli router today, I got notified about an update (claiming security updates and fixes).

After doing the update I've lost a feature I used and preferred (Quad9 Encrypted DNSCrypt-proxy),
The only options for encrypted-DNS are DNSCrypt-proxy and DNS-over-TLS neither of those have quad9 as an option. (Side note: I would be Very happy if I could use DNS-via-HTTPS)

Please Re-add the ability to use DNSCrypt-proxy via Quad9, I have used them for years with great satisfaction, It used to be there in the drop-down list, is there a reason for its removal?

For convenience here is a link where the configs/.TOML can be found.(feel free to remove if unnecessary)