OpenWrt CVE-2020-7982 update for GL-S1300?

There is a critical RCE bug in OpenWrt, https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html and https://openwrt.org/advisory/2020-01-31-1

According to the project team, OpenWrt versions 18.06.0 to 18.06.6 and 19.07.0, as well as LEDE 17.01.0 to 17.01.7, are affected.

Do you plan to update GL-S1300 branch?
Will GL-S1300 be added to “official” OpenWRT repository?

Thanks.

The S1300 uses a modified version of OpenWRT 15.05 called QSDK. Qualcomm is the one that must update it, as it contains proprietary drivers.

If you don’t care about mesh and the performance that QSDK provides, for now you will need to push these latest patches into the latest OpenWRT, until GL updates the sources to the latest version:

@hansome

1 Like

Yes, I was referring to the repository that you have linked.

Thanks,

We checked this problem before. As the main repo is hosted by us and we used https to get the packages, the risk is not that big. But we will for sure to fix later.

2 Likes

concerning this topic, is it possible for your team to have a separate firmware for the QSDK B1300/S1300 guys to have updated Openwrt with GL.iNet GUI, understanding that we would lose wifi performance.

Thanks for the suggestion. Yes it is possible. Will try openwrt 1907 on B1300/S1300 as well as a new device.

I am running two B1300 in mesh mode. I’ve checked the stable an testing firmwares and both are missing the fixed version 2.4.7–13 mentioned in the urgent blogpost. Am I missing something? Can I pick the fixed packages from somewhere else?

@webwurst @makedit
We will update the test firmware today, and then we will notify the two after the update is completed, the official firmware needs to be updated next month

2 Likes

Hi, testing firmware is updated for CVE-2020-7982, http://download.gl-inet.com.s3.amazonaws.com/firmware/b1300/testing/qsdk-b1300-3.103.img
Thanks

2 Likes

wow, if I only have waited a few days…