Openwrt has recently released 24.10.4.
This fixed 2 security issues:
Kernel and other components have also been updated.
Our 4.8.2 is based on 24.10.2 - now 2 updates behind.
Will we see an update to openwrt24 firmware to catch up soon?
Hello,
We are examining whether this security hole has any impact on gl routers.
If there is an impact, let us schedule resource to update to latest op24 as possible.
5 Likes
Thanks Bruce!
R&D team has given a plan, the closed-source firmware will merge security patches into future firmware versions, and open-source firmware will upgrade the op version to 24.10.4.
Thank you!
6 Likes
Bruce,
Is there an ETA for the OP24 update to 24.10.4?
This month.
2 Likes
Thanks.
If it’s going to be 4 more weeks, I’ll swap out the Flint 2 for now rather than risk CVE's.
I have a Netgear XR500 on Openwrt 24.10.4 as backup for these situations.
It is expected to be released in early November, the earliest in this week, next week at the latest.
2 Likes
Do these CVEs effect GLs stable FW builds. If so, when will a stable release become available that patches them?
I commented on the fact that 2 CVE’s patched by Openwrt 24.10.4 had not been patched in OP24-4.8.2.
They now have been patched in OP24-4.8.3.
I also commented that GL-inet made no mention of these two CVE’s in its Security Vulnerabilities section of its website, nor on the Release notes for OP24-4.8.3.
I commented that CVE’s that affect Openwrt also affect GL-inet firmware and should be noted.
Instead of this, my comment was removed!
Why is GL-inet hiding active CVE issues from its users in this way??