Flint 2 Openwrt24 4.8.2 getting old/risky

covenant · October 28, 2025, 4:40am

Openwrt has recently released 24.10.4.

This fixed 2 security issues:

Kernel and other components have also been updated.

Our 4.8.2 is based on 24.10.2 - now 2 updates behind.

Will we see an update to openwrt24 firmware to catch up soon?

bruce · October 28, 2025, 7:30am

Hello,

We are examining whether this security hole has any impact on gl routers.

If there is an impact, let us schedule resource to update to latest op24 as possible.

covenant · October 29, 2025, 1:19am

Thanks Bruce!

bruce · October 30, 2025, 8:58am

R&D team has given a plan, the closed-source firmware will merge security patches into future firmware versions, and open-source firmware will upgrade the op version to 24.10.4.

Thank you!

covenant · November 3, 2025, 1:47am

Bruce,

Is there an ETA for the OP24 update to 24.10.4?

bruce · November 3, 2025, 1:47am

This month.

covenant · November 3, 2025, 1:54am

Thanks.

If it’s going to be 4 more weeks, I’ll swap out the Flint 2 for now rather than risk CVE's.

I have a Netgear XR500 on Openwrt 24.10.4 as backup for these situations.

bruce · November 3, 2025, 2:45am

It is expected to be released in early November, the earliest in this week, next week at the latest.

2bits · November 17, 2025, 5:40pm

Do these CVEs effect GLs stable FW builds. If so, when will a stable release become available that patches them?

covenant · November 18, 2025, 1:05am

I commented on the fact that 2 CVE’s patched by Openwrt 24.10.4 had not been patched in OP24-4.8.2.

They now have been patched in OP24-4.8.3.

I also commented that GL-inet made no mention of these two CVE’s in its Security Vulnerabilities section of its website, nor on the Release notes for OP24-4.8.3.

I commented that CVE’s that affect Openwrt also affect GL-inet firmware and should be noted.

Still no mention of these two CVE’s.

Why is GL-inet hiding active CVE issues from its users in this way??

bruce · November 19, 2025, 9:31am

Hello,

Sorry for the late reply.

Open-source firmware such as op24, has been updated to openwrt 24.10.4 and v4.8.3-op24 firmware has been released.

Closed-source firmware will follow the firmware release rhythm of each model and merge relevant patch in each next updated version.

The Reporting Security Vulnerabilities on the official website will be updated later after the firmware is released.

system · April 16, 2026, 10:14am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.