Severe WPA2 Vulnerability

Seeing a lot on twitter about a severe flaw in WPA2 and that many router manufactures are being pressed to patch. Will GLI be patched?

Article here: Serious flaw in WPA2 protocol lets attackers intercept passwords and much more | Ars Technica

Some details (I believe more details will be shared today):

“US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.”


The firmware is based on Lede/OpenWRT. Those are currently working on getting it fixed. I guess gl-inet will apply these same fixes on their firmware after those are ready.

Commit for Lede are already made:

So it doubt it will take to long for gl-inet to get their firmware fixed.


Good to hear thanks @Groentjuh

Also, does anyone know if the auto update feature work on GLI? on one of my models, I’ve had it plugged in with auto-update set to on for a few days on an older version with no change?

On OpenWRT forum I read that it’s going to be fixed in LEDE 17.1.4.

My GL-MT300A devices are on OpenWrt Chaos Calmer 15.05 r47065.

it would be great if this was fixed in the gl.inet firmware

Please check.