There is a critical RCE bug in OpenWrt,
Critical RCE Bug Affects Millions of OpenWrt-based Network Devices and [OpenWrt Wiki] Security Advisory 2020-01-31-1 - Opkg susceptible to MITM (CVE-2020-7982)
According to the project team, OpenWrt versions 18.06.0 to 18.06.6 and 19.07.0, as well as LEDE 17.01.0 to 17.01.7, are affected.
Do you plan to update GL-S1300 branch?
Will GL-S1300 be added to “official” OpenWRT repository?
March 25, 2020, 6:29pm
The S1300 uses a modified version of OpenWRT 15.05 called QSDK. Qualcomm is the one that must update it, as it contains proprietary drivers.
If you don’t care about mesh and the performance that QSDK provides, for now you will need to push these latest patches into the latest OpenWRT, until GL updates the sources to the latest version:
Yes, I was referring to the repository that you have linked.
March 26, 2020, 2:26am
We checked this problem before. As the main repo is hosted by us and we used https to get the packages, the risk is not that big. But we will for sure to fix later.
concerning this topic, is it possible for your team to have a separate firmware for the QSDK B1300/S1300 guys to have updated Openwrt with GL.iNet GUI, understanding that we would lose wifi performance.
April 3, 2020, 8:20am
Thanks for the suggestion. Yes it is possible. Will try openwrt 1907 on B1300/S1300 as well as a new device.
I am running two B1300 in mesh mode. I’ve checked the stable an testing firmwares and both are missing the fixed version
2.4.7–13 mentioned in the
urgent blogpost. Am I missing something? Can I pick the fixed packages from somewhere else?
April 30, 2020, 2:12am
We will update the test firmware today, and then we will notify the two after the update is completed, the official firmware needs to be updated next month
wow, if I only have waited a few days…
Any update about this? It would be very nice to have an updated 19.07 version for S1300 (also B1300).
We are testing it for a project, but current version on
Commits · gl-inet/openwrt · GitHub is very old