V4.5.22

Overview

This version fixed some security vulnerabilities.

V4.5.19

Overview

This version fixes some security vulnerabilities.

Supported Models

GL-X300B Collie, GL-A1300 Slate Plus, GL-B3000 Marble.

V4.5.17

Overview

This firmware release provides fixes to various bugs and security vulnerabilities.

Supported Models

GL-X300B Collie, GL-A1300 Slate Plus.

Bug fixes

• Fixed an issue where relaying 5GHz Wi-Fi using 165 channels would fail and cause the repeater to abnormally.

V4.5.16

Overview

This firmware release provides fixes to some bugs and security vulnerabilities.

Supported Models

GL-A1300 Slate Plus, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-MT3000 Beryl AX, GL-MT2500/GL-MT2500A Brume 2

Improvements

• Optimized the client IP assignment policy in TAP-S2S mode when the device subnets of OpenVPN Client and OpenVPN Server were the same.
• Upgraded Tailscale to version 1.58.2.

Bug fixes

• Fixed an issue where multiple parsed AllowedIPs were incorrect when parsing the uploaded WireGuard client configuration files.
• Fixed an IP conflict issue that occured when adding a client profile to WireGuard after modifying the PeerIP of the WireGuard server configuration via SSH.
• Fixed an issue where the router’s Tailscale service data would be forwarded through a VPN tunnel when the VPN Client global mode was enabled.
• Fixed an issue where inbound data from non-VPN interfaces would not trigger port forwarding rules when VPN was enabled.
• Fixed an issue where some devices from the TAP-S2S OpenVPN client would not display properly on the client page.
• Fixed an issue where the OpenVPN server certificate may be lost after rebooting the device.
• Fixed an issue where the address’s description field was lost after upgrading to firmware v4.5.0 from v4.4.x when the user chose to keep router settings.
• Fixed an issue where selecting manual mode on the MAC address page and entering the factory default MAC address on the ethernet page would result in an unsuccessful configuration even after connecting to the repeater successfully at first.
• Fixed an issue where the network speed limit feature was still activated after enabling network speed limit, enabling network acceleration, and rebooting the device.
• Fixed some known vulnerabilities.

V4.5.0

Overview

This release version mainly enhances network security and fixes known issues with network status detection, providing users with the option to manually add languages in the language community and the option to pre-emptively experience the new version. It is compatible with Full Cone NAT and SIP ALG features found in other routers. Optimization, bug fixing, and vulnerability repair for more vendors are shown below.

This release is available for the following models:
GL-A1300 Slate Plus
GL-AX1800 Flint
GL-AXT1800 Slate AX
GL-MT3000 Beryl AX
GL-MT2500/GL-MT2500A Brume 2
GL-X300B Collie

New features

• Reconstructed mwan3 and renamed it as kmwan. Optimized failover and load balancing, as well as network status in various scenarios.
• Added the Security configuration page.
• Added grayscale testing design. Added RC version subscription and upgrade.
• Added the communityization of language packs to support manual addition.
• Added support for IPoE, and support for configuring VLAN ID during DHCP and static dialing.
• Added Full Cone NAT function.
• Added the SIP ALG option.
• Added new temperature protection setting for MTK Wi-Fi.

Improvements

• Optimized the side route UI interaction and add the option to turn off the DHCP server itself.
• Optimized the restart process of the relay program.
• [Only for GL-X300B Collie] Optimized the functionality of RS485, the UI, and localization.
• Optimized the Tailscale mechanism.
• Updated language files and pull translation scripts.

Bug fixes

• Fixed an issue where the interface jumped due to the incorrect change in the client's online time.
• Fixed an issue with the TTL settings not taking effect.
• Fixed an issue where scanning always indicated that it was in DFS when all interfaces were disabled.
• Fixed an issue of failing to enable Wi-Fi for the first time after upgrading.
• Fixed an issue of failing to connect to the AP due to a failure to parse IE_HT_CAP.

Vulnerability fixes

• Fixed a vulnerability that allowed arbitrary upload files to be created or modified through the API. (CVE-2023-47464)
• Fixed an unauthorized remote code inclusion vulnerability in the webDAV file server. (CVE-2023-47463)
• Fixed an issue of bypassing Nginx authentication through a Lua string pattern matching vulnerability. (CVE-2023-50919)
• Fixed an issue where users bypassed authentication or access control measures by assigning the same session ID each time they restarted. (CVE-2023-50920)
• Fixed an issue where calling the add_user interface in the system module could allow root access. (CVE-2023-50921)
• Fixed a vulnerability that allowed arbitrary shell commands to be executed through carefully crafted package names. (CVE-2023-46454)
• Fixed a path traversal vulnerability in the OpenVPN client file upload, which could lead to arbitrary file writes. (CVE-2023-46455, CVE-2023-46456)
• Fixed a vulnerability that allowed an attacker who stole the AdminToken cookie to upload a crontab-formatted file to a specific directory and wait for it to execute, thereby executing arbitrary code. (CVE-2023-50922)
• Fixed an injection vulnerability in the gl_system_log and gl_crash_log interface in the logread module, which allows arbitrary shell commands to be executed via JSON parameters. (CVE-2023-50445)
• Fixed an injection vulnerability in the upgrade_online interface of the upgrade module, which allowed arbitrary shell commands to be executed through JSON parameters. (CVE-2023-50445)

V4.4.6 - Sep 8,2023

VPN

• Fixed the problem that the OpenVPN client cannot access the Internet after dialing up, either by rebooting the router or by restarting the feature.

WireGuard

• Fixed the problem that WireGuard client gets error 'Error: inet6 prefix is expected rather than' when connecting to server.
• Fixed the problem that the WireGuard client of the device under test does not disconnect after the WireGuard server of the device accompanying the test is shut down, and keeps showing the connection status.

Repeater

• Fixed the problem that the wireless network connection is abnormal after the router repeater DFS channel.

Tailscale

• Fixed the problem that when using PPPoE dialup, the Internet cannot be accessed when tailscale is enabled.
• Fixed the problem that the Good Cloud platform fails to connect when Tailscale is enabled.

Clients

• Fixed the problem that the black/white list function is not compatible with the old version of blacklist.

Upgrade

• Fixed the problem that online upgrade reports error '-4,fetch firmware name fail: network unreachable'.

DDNS

• Fixed the problem that all TCP ports are opened when DDNS is enabled to allow http/https access in reserved configurations.

LAN

• Fixed the problem that br-lan occasionally hangs when changing LAN IP.

V4.4.5 - Aug 11,2023

VPN

• Open VPN server when using tor,delete -4VPN conflict prompt.

GoodCloud

• Fix MQTT runs abnormally after obtaining 4G/5G information.

Modem

• Fix M2 demo board cannot recognize SIM card.
• Fix abnormal display of LTE bandwidth.

Tailscale

• Add support for accepting routes option.
• Add support for mutual access between Tailscale subnets.

Dns

• Fix next-dns setting does not take effect.

WireGuard

• Fix WireGuard cannot reconnect after working for two days.

Parental Control

• Fix adding specified url does not take effect.

Bug Fixes

Fixed the problem that after the MT3000 relays the 160M Hz hotspot, the AP becomes 20M.
Fixed the problem that the AX/AXT1800 cannot access the AP itself after relaying the DFS 140 channel.
Fixed the problem that parental control cannot block blacklist websites in newer browsers.
Fixed the externder working mode, the superior cannot ping the subordinate.
Fixed the problem that openvpn port forwarding fails after the reserved configuration is upgraded.
Fix the problem that mqtt cannot report SSID.
Fixed the problem that ddns occasional interface return error.
Fixed The relay cannot connect to Huawei TC7102 160MHz 5GWiFi.
Fix single sim card slot does not return dual sim card slot information.
Fixed the problem that after the adguardhome function is turned on on the A1300 and the adguardhome is turned off, the visitor has no network.
Fixed the problem that Openvpn Server and wireguard Server shut down remote access to the LAN subnet, but the Openvpn and wireguard clients can still access the IP address of the PC on the LAN side of the server.
Fixed the AP bridge mode, the bridge is not successful. The address assigned by the superior cannot be obtained.
Support-EM160R-EM060K-EM120K-RM520N-modem.
Fixed the problem that A1300 cannot recognize USB3.0 external modem.
Fixed the problem of abnormal equipment caused by the time zone or 160M bandwidth issued by the GoodCloud.
Correct the display problem of the LED light in the unconnected network mode.
Fixed the problem of unsuccessful dialing using external modem, QMI and QCM protocol dialing.
Roll back MTK SDK from v7.6.7.0 to v7.6.6.1.

Bug Fixes

Fixed a problem where the WiFi configuration page showed unavailable channel options.
Fixed a problem where NordVPN could not resolve DNS after keeping settings upgrade.
Fixed a problem where GL-MT3000 failed to recognize USB3.0 modem.
Fixed a problem where the IPV6 rate limiting does not take effect.
Fixed a problem where GL-MT3000 failed to repeat to iPhone 13 and TP-LINK ACR700.
Fixed a memory leak problem in GL-MT3000 when using QCM protocol.
Fixed a probabilistic issue where GL-MT3000 could not apply OpenVPN username and password.
Fixed switch button not taking effect when parental control is enabled on GL-A1300.
Fixed a BUG where clients could not access the internet after failover.

Optimizations

Disabled nginx access logs.
Optimized the MWAN3 online detection threshold.
Optimized the synchronization of configuration files in abnormal situations.
Optimized the repeater scan time of GL-MT3000.

Software Upgrade

Upgraded AdguardHome to V0.107.26.

Optimization

Improved IPv6 LAN Mode options. Separates the native and passthrough modes.
Improved the results and hints of the DDNS test.
Improved drop-in gateway feature with DHCP-based solution to increase stability.
Improved LED lighting logic to ensure consistency with the UI.
Improved interaction for MAC address cloning.
Improved networking status alerts in Internet page.
Improved interface tracking settings description for Multi-WAN.
Improved login page with automatic focus to password input box.
Improved VPN client configuration file view with files sorted by name.
Improved the switch name in the VPN global options for whether the GL.iNet service uses VPN or not.
Improved the interaction of set read-only users to read-write users in network storage.
Improved ADGuard Home feature to support seeing which client the request is coming from.

Language

Added German language.

New feature

Added Parental Control feature.
Added Zerotier feature.
Added Tailscale feature.
Added Clear Traffic Statistics button for in client page.
Added DHCP Gateway option for LAN.
Added SSID Visibility option for guest Wi-Fi.
Added support for GoodCloud alerts when new clients join.
Added support for comments for domain and IP profiles in VPN policy.

V4.7.2

Overview

This version introduces several new features and enhancements that improve the interface interaction for overall user experience.

Support Models

Slate Plus (GL-A1300), Marble (GL-B3000), Collie (GL-X300B).

New Features

• Added device initialization wizard, including administrator and WiFi password, networking, VPN and other core function settings.
• • Added the Cloud account login function, supporting device binding to the cloud from the firmware web page.
• Added Domain Name List Subscription function, support VPN policy and parental control to subscribe to online domain name or IP list via URL.
• Added support for Control D DNS.
• Added the AP Isolation function.
• Added the Luci Access Restriction function.
• Added the Network Port Management page, supporting scheduled and restart of automatic Ethernet MAC updates, WAN/LAN port switching, and displaying network port negotiation rates.
• Added NordVPN, PIA, Surfshark, Hideme, IPVanish WireGuard VPN, and support AzireVPN registration function.

Optimization

• Optimized the process for manually adding the WireGuard client configuration file and supporting automatic key generation.
• Optimized the process for configuring vendor profiles for VPN clients.
• Optimized Repeater random MAC setting, supporting scheduled and restart of automatic Repeater MAC updates.
• Optimized the flow of Multi-WAN load network status detection.
• Optimized OpenVPN Client functionality to allow modification of configuration file names.
• Optimized page names in the web Administration Panel so that the router is host name appears in the browser tab.
• Optimized page interactions such as interface error messages and inputable drop-down list designs.
• Upgraded AdGuard Home to version 0.107.52.
• Upgraded Tor to version 0.4.8.9.

V4.3.18

Overview

This version fixes some security vulnerabilities.

Supported models

Slate (GL-AR750S), Creta (GL-AR750), Mudi (GL-E750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Puli (GL-XE300), Convexa-B (GL-B1300), Cirrus (GL-AP1300).

V3.218

Overview

This firmware release provides fixes to various bugs and security vulnerabilities.

Supported Models

Convexa-S (GL-S1300), Cirrus (GL-AP1300).

Bug fixes

• Fixed an issue that the client device of the router could not get an IP address if the router as a VPN client disconnects and reconnects with an OpenVPN server in S2S-TAP mode.

System

1. Based on openwrt 19.07.8 (AR150,MIFI,AR300M,USB150,N300,AR750,AR750S,X750,E750,XE300,MT1300,MT300N-V2,MV1000)
   
2. Based on QSDK11 (B1300,S1300,AP1300,B2200,AX1800)
   
3. Based on Siflower SDK (SF1200,SFT1200)
   

Security

1. Fixed shell injection vulnerabilities.
   

New features

1. Support upgrade to sdk4.x.
   

Important bugfix

1. Fixed SF1200/SFT1200 VPN data leaks.
   
2. Fixed MT300N-V2 switch does not reset after the network is restarted.
   
3. Fixed X750 wireless initialization exception.
   
4. Fixed B2200 WiFi mac error.
   
5. Fixed B2200 MESH clients display error.
   
6. Fixed B2200 MESH link instability.
   
7. Fixed B2200 MESH status LED display error.
   
8. Fixed B2200 MESH network failure after the upgrade.
   
9. Fixed B2200 MESH sub-router web error message.
   
10. Fixed AX1800 USB output is powered off because the manual modem reset.
    
11. Fixed Wireguard client reconnect failure in some scenarios.
    
12. Fixed Error occurs when the wireguare client name contains spaces.
    

V4.3.25

Overview

This version fixes some security vulnerabilities.

Synchronize Updated Models

Opal (GL-SFT1200), Beryl (GL-MT1300), Slate (GL-AR750S), Creta (GL-AR750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Mudi (GL-E750), Spitz (GL-X750), Puli (GL-XE300), Convexa-B (GL-B1300).

V4.3.18

Overview

This version fixes some security vulnerabilities.

Supported models

Slate (GL-AR750S), Creta (GL-AR750), Mudi (GL-E750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Puli (GL-XE300), Convexa-B (GL-B1300), Cirrus (GL-AP1300).

V4.3.17

Overview

This version fixes some security vulnerabilities and other bugs.

Supported models

Opal (GL-SFT1200), Beryl (GL-MT1300), Slate (GL-AR750S), Creta (GL-AR750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Mudi (GL-E750), Spitz (GL-X750), Puli (GL-XE300), Convexa-B (GL-B1300).

Bug fixes

• Fixed the issue that the Web may show an error message when modifying the Maximum Number of Users or DHCP Gateway in the LAN page.
• Fixed the issue that some disconnected Wi-Fi clients still show online in the client list.
• Fixed the issue that the color of the online upgrade dialog is abnormal under the dark theme.
• Fixed the issue that GL-SFT1200 can not be upgraded online.
• Fixed the issue that the client device cannot access the Internet IPv6 address in Static IPv6 mode of GL-SFT1200.
• Fixed some interface text errors.

V4.3.11

Overview

This firmware release provides optimizations, bug fixes, and fixes for security vulnerabilities.

Supported Models

GL-AR300M,GL-AR300M16,GL-AR750,GL-AR750S,GL-B1300,GL-MT300N-V2,GL-MT1300,GL-SFT1200 and GL-X750

New features

• Added language support for Korean.
• (Only available on GL-X750) Added some software packages: kmod-fs-vfat, kmod-fs-ntfs, kmod-fs-ext4, e2fsprogs.

Bug fixes

• Fixed an issue with GL-MT300N-V2 where the dip switch and the UI display were reversed.
• Fixed an issue with GL-MT300N-V2 where wireless terminals could not obtain an address after successfully switching to the Extend and WDS modes.
• Fixed an issue where two routers acting as the VPN server and the VPN client respectively could not automatically reconnect after disconnection due to network volatility.
• Fixed an issue where client devices connected through an ethernet cable would not automatically reconnect after the LAN IP address was modified.
• Fixed a conflicted that occurred with GL-SFT1200 between PPPoE protocol with VLAN ID and hardware acceleration.
• Fixed an error that happened when a device using PPPoE protocol first switched to the Extender mode and then restored the Route mode.
• Fixed various known vulnerabilities.

V4.3.10

Overview

This version mainly includes optimizations, bug fixes, and security vulnerability resolutions, as shown below.

This release is available for the following models:
GL-AR300M Shadow
GL-AR300M16 Shadow
GL-AR750 Creta
GL-AR750S-EXT Slate
GL-B1300 Convexa-B
GL-MT300N-V2 Mango
GL-MT1300 Beryl

Bug fixes

• Fixed deadlock issue in mwan3.

Vulnerability fixes

• Fixed a vulnerability that allowed arbitrary upload files to be created or modified through the API. (CVE-2023-47464)
• Fixed an unauthorized remote code inclusion vulnerability in the webDAV file server. (CVE-2023-47463)
• Fixed an issue of bypassing Nginx authentication through a Lua string pattern matching vulnerability. (CVE-2023-50919)
• Fixed an issue where users bypassed authentication or access control measures by assigning the same session ID each time they restarted. (CVE-2023-50920)
• Fixed an issue where calling the add_user interface in the system module could allow root access. (CVE-2023-50921)
• Fixed a vulnerability that allowed arbitrary shell commands to be executed through carefully crafted package names. (CVE-2023-46454)
• Fixed a path traversal vulnerability in the OpenVPN client file upload, which could lead to arbitrary file writes. (CVE-2023-46455, CVE-2023-46456)
• Fixed a vulnerability that allowed an attacker who stole the AdminToken cookie to upload a crontab-formatted file to a specific directory and wait for it to execute, thereby executing arbitrary code. (CVE-2023-50922)
• Fixed an injection vulnerability in the gl_system_log and gl_crash_log interface in the logread module, which allows arbitrary shell commands to be executed via JSON parameters. (CVE-2023-50445)
• Fixed an injection vulnerability in the upgrade_online interface of the upgrade module, which allowed arbitrary shell commands to be executed through JSON parameters. (CVE-2023-50445)

Cautions

• Your settings can NOT be kept when upgrading to this version from 3.x. Please backup your settings first.
• This version firmware does NOT include the following features:
  • File Sharing
  • Captive Portal
  • Automatic Upgrade
  • RS485
  • GPS
  • Mesh
• This admin panel does NOT include the following languages:
  • French
  • Korean
  • Russian
• Limited by CPU performance and storage space, this version firmware also does NOT include Network Storage fature. (Allow users to install via plug-in after exroot)

OpenWrt Upgrade

• Built based on OpenWrt 22.03.4 (AR300,AR750,AR750S,X300B,X750,XE300,MT300N-V2,MT1300,E750).
• Built based on OpenWrt 21.02.2 (B1300).
• Built based on OpenWrt 18.06 (SFT1200).

New Features

• Added Scheduled Tasks feature.
• Added Overview page to display system loading and set LED.
• Added Multi-WAN feature, allowing users to switch between failover and load balancing modes.
• Added Drop-in Gateway feature.

Optimization

• Refactored and optimized System Architecture.
• Redesigned interface UI.
• Optimized sidebar structure.
• Refactored and optimized repeater feature.
• Refactored and optimized VPN features.
• Refactored and optimized clients feature.
• Optimized Cellular Settings feature.
• Optimized DNS faeture.
• Optimized MAC Clone feature, which has been renamed to MAC address.
• Optimized IPv6 feature with the addition of Native mode.
• Optimized Guest Wi-Fiwith the addition of SSID Visibility option.
• Optimized DDNS Test.
• Optimized connections with GoodCloud.

BUG fix

• Fixed the TTL settings not taking effect when fw4 is used.

Security

1. Fixed shell injection vulnerabilities.
   

New features

1. Support upgrade to sdk4.x.
   

Important bugfix

1. Fixed SF1200/SFT1200 VPN data leaks.
   
2. Fixed MT300N-V2 switch does not reset after the network is restarted.
   
3. Fixed X750 wireless initialization exception.
   
4. Fixed B2200 WiFi mac error.
   
5. Fixed B2200 MESH clients display error.
   
6. Fixed B2200 MESH link instability.
   
7. Fixed B2200 MESH status LED display error.
   
8. Fixed B2200 MESH network failure after the upgrade.
   
9. Fixed B2200 MESH sub-router web error message.
   
10. Fixed AX1800 USB output is powered off because the manual modem reset.
    
11. Fixed Wireguard client reconnect failure in some scenarios.
    
12. Fixed Error occurs when the wireguare client name contains spaces.
    

System

1. Based on openwrt 19.07.8 (AR150,MIFI,AR300M,USB150,N300,AR750,AR750S,X750,E750,XE300,MT1300,MT300N-V2,MV1000)
   
2. Based on QSDK11 (B1300,S1300,AP1300,B2200,AX1800)
   
3. Based on Siflower SDK (SF1200,SFT1200)
   

V4.3.27

Overview

This version mainly fixed some known bugs.

Bug Fixes

• Fixed the issue where the transmit power was abnormal in certain situations.

V4.3.25

Overview

This version fixes some security vulnerabilities.

Synchronize Updated Models

Opal (GL-SFT1200), Beryl (GL-MT1300), Slate (GL-AR750S), Creta (GL-AR750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Mudi (GL-E750), Spitz (GL-X750), Puli (GL-XE300), Convexa-B (GL-B1300).

V4.3.22

Overview

This version mainly includes new features.

Synchronized Updated Model

Shadow (GL-AR300M16)

New Features

• Support web access in extender mode.

Bug Fixes

• Fixed the issue where the external module display SMS icon is empty when clicked.
• Fixed the issue where the cloud platform goes online, the model field of the device displays an error

V4.3.18

Overview

This version fixes some security vulnerabilities.

Supported models

Slate (GL-AR750S), Creta (GL-AR750), Mudi (GL-E750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Puli (GL-XE300), Convexa-B (GL-B1300), Cirrus (GL-AP1300).

V4.3.17

Overview

This version fixes some security vulnerabilities and other bugs.

Supported models

Opal (GL-SFT1200), Beryl (GL-MT1300), Slate (GL-AR750S), Creta (GL-AR750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Mudi (GL-E750), Spitz (GL-X750), Puli (GL-XE300), Convexa-B (GL-B1300).

Bug fixes

• Fixed the issue that the Web may show an error message when modifying the Maximum Number of Users or DHCP Gateway in the LAN page.
• Fixed the issue that some disconnected Wi-Fi clients still show online in the client list.
• Fixed the issue that the color of the online upgrade dialog is abnormal under the dark theme.
• Fixed the issue that GL-SFT1200 can not be upgraded online.
• Fixed the issue that the client device cannot access the Internet IPv6 address in Static IPv6 mode of GL-SFT1200.
• Fixed some interface text errors.

V4.3.11

Overview

This firmware release provides optimizations, bug fixes, and fixes for security vulnerabilities.

Supported Models

GL-AR300M,GL-AR300M16,GL-AR750,GL-AR750S,GL-B1300,GL-MT300N-V2,GL-MT1300,GL-SFT1200 and GL-X750

New features

• Added language support for Korean.
• (Only available on GL-X750) Added some software packages: kmod-fs-vfat, kmod-fs-ntfs, kmod-fs-ext4, e2fsprogs.

Bug fixes

• Fixed an issue with GL-MT300N-V2 where the dip switch and the UI display were reversed.
• Fixed an issue with GL-MT300N-V2 where wireless terminals could not obtain an address after successfully switching to the Extend and WDS modes.
• Fixed an issue where two routers acting as the VPN server and the VPN client respectively could not automatically reconnect after disconnection due to network volatility.
• Fixed an issue where client devices connected through an ethernet cable would not automatically reconnect after the LAN IP address was modified.
• Fixed a conflicted that occurred with GL-SFT1200 between PPPoE protocol with VLAN ID and hardware acceleration.
• Fixed an error that happened when a device using PPPoE protocol first switched to the Extender mode and then restored the Route mode.
• Fixed various known vulnerabilities.

V4.3.10

Overview

This version mainly includes optimizations, bug fixes, and security vulnerability resolutions, as shown below.

This release is available for the following models:
GL-AR300M Shadow
GL-AR300M16 Shadow
GL-AR750 Creta
GL-AR750S-EXT Slate
GL-B1300 Convexa-B
GL-MT300N-V2 Mango
GL-MT1300 Beryl

Bug fixes

• Fixed deadlock issue in mwan3.

Vulnerability fixes

• Fixed a vulnerability that allowed arbitrary upload files to be created or modified through the API. (CVE-2023-47464)
• Fixed an unauthorized remote code inclusion vulnerability in the webDAV file server. (CVE-2023-47463)
• Fixed an issue of bypassing Nginx authentication through a Lua string pattern matching vulnerability. (CVE-2023-50919)
• Fixed an issue where users bypassed authentication or access control measures by assigning the same session ID each time they restarted. (CVE-2023-50920)
• Fixed an issue where calling the add_user interface in the system module could allow root access. (CVE-2023-50921)
• Fixed a vulnerability that allowed arbitrary shell commands to be executed through carefully crafted package names. (CVE-2023-46454)
• Fixed a path traversal vulnerability in the OpenVPN client file upload, which could lead to arbitrary file writes. (CVE-2023-46455, CVE-2023-46456)
• Fixed a vulnerability that allowed an attacker who stole the AdminToken cookie to upload a crontab-formatted file to a specific directory and wait for it to execute, thereby executing arbitrary code. (CVE-2023-50922)
• Fixed an injection vulnerability in the gl_system_log and gl_crash_log interface in the logread module, which allows arbitrary shell commands to be executed via JSON parameters. (CVE-2023-50445)
• Fixed an injection vulnerability in the upgrade_online interface of the upgrade module, which allowed arbitrary shell commands to be executed through JSON parameters. (CVE-2023-50445)

Cautions

• Your settings can NOT be kept when upgrading to this version from 3.x. Please backup your settings first.
• This version firmware does NOT include the following features:
  • File Sharing
  • Captive Portal
  • Automatic Upgrade
  • RS485
  • GPS
  • Mesh
• This admin panel does NOT include the following languages:
  • French
  • Korean
  • Russian
• Limited by CPU performance and storage space, this version firmware also does NOT include Network Storage fature. (Allow users to install via plug-in after exroot)

OpenWrt Upgrade

• Built based on OpenWrt 22.03.4 (AR300,AR750,AR750S,X300B,X750,XE300,MT300N-V2,MT1300,E750).
• Built based on OpenWrt 21.02.2 (B1300).
• Built based on OpenWrt 18.06 (SFT1200).

New Features

• Added Scheduled Tasks feature.
• Added Overview page to display system loading and set LED.
• Added Multi-WAN feature, allowing users to switch between failover and load balancing modes.
• Added Drop-in Gateway feature.

Optimization

• Refactored and optimized System Architecture.
• Redesigned interface UI.
• Optimized sidebar structure.
• Refactored and optimized repeater feature.
• Refactored and optimized VPN features.
• Refactored and optimized clients feature.
• Optimized Cellular Settings feature.
• Optimized DNS faeture.
• Optimized MAC Clone feature, which has been renamed to MAC address.
• Optimized IPv6 feature with the addition of Native mode.
• Optimized Guest Wi-Fiwith the addition of SSID Visibility option.
• Optimized DDNS Test.
• Optimized connections with GoodCloud.

BUG fix

• Fixed the TTL settings not taking effect when fw4 is used.

V4.3.30

Overview

This version mainly fixed some known bugs and security vulnerabilities. This is a beta firmware, which has only undergone basic testing. Please use with caution and contact support@gl-inet.com if you encounter any problems.

Bug Fixes

• 2026-05-29: Update the dnsmasq component to version 2.92, incorporating upstream CVE fixes.

V4.3.29

Overview

This version mainly fixed some known bugs and security vulnerabilities.

V4.3.25

Overview

This version fixes some security vulnerabilities.

Synchronize Updated Models

Opal (GL-SFT1200), Beryl (GL-MT1300), Slate (GL-AR750S), Creta (GL-AR750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Mudi (GL-E750), Spitz (GL-X750), Puli (GL-XE300), Convexa-B (GL-B1300).

V4.3.18

Overview

This version fixes some security vulnerabilities.

Supported models

Slate (GL-AR750S), Creta (GL-AR750), Mudi (GL-E750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Puli (GL-XE300), Convexa-B (GL-B1300), Cirrus (GL-AP1300).

V4.3.17

Overview

This version fixes some security vulnerabilities and other bugs.

Supported models

Opal (GL-SFT1200), Beryl (GL-MT1300), Slate (GL-AR750S), Creta (GL-AR750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Mudi (GL-E750), Spitz (GL-X750), Puli (GL-XE300), Convexa-B (GL-B1300).

Bug fixes

• Fixed the issue that the Web may show an error message when modifying the Maximum Number of Users or DHCP Gateway in the LAN page.
• Fixed the issue that some disconnected Wi-Fi clients still show online in the client list.
• Fixed the issue that the color of the online upgrade dialog is abnormal under the dark theme.
• Fixed the issue that GL-SFT1200 can not be upgraded online.
• Fixed the issue that the client device cannot access the Internet IPv6 address in Static IPv6 mode of GL-SFT1200.
• Fixed some interface text errors.

V4.3.11

Overview

This firmware release provides optimizations, bug fixes, and fixes for security vulnerabilities.

Supported Models

GL-AR300M,GL-AR300M16,GL-AR750,GL-AR750S,GL-B1300,GL-MT300N-V2,GL-MT1300,GL-SFT1200 and GL-X750

New features

• Added language support for Korean.
• (Only available on GL-X750) Added some software packages: kmod-fs-vfat, kmod-fs-ntfs, kmod-fs-ext4, e2fsprogs.

Bug fixes

• Fixed an issue with GL-MT300N-V2 where the dip switch and the UI display were reversed.
• Fixed an issue with GL-MT300N-V2 where wireless terminals could not obtain an address after successfully switching to the Extend and WDS modes.
• Fixed an issue where two routers acting as the VPN server and the VPN client respectively could not automatically reconnect after disconnection due to network volatility.
• Fixed an issue where client devices connected through an ethernet cable would not automatically reconnect after the LAN IP address was modified.
• Fixed a conflicted that occurred with GL-SFT1200 between PPPoE protocol with VLAN ID and hardware acceleration.
• Fixed an error that happened when a device using PPPoE protocol first switched to the Extender mode and then restored the Route mode.
• Fixed various known vulnerabilities.

V4.3.10

Overview

This version mainly includes optimizations, bug fixes, and security vulnerability resolutions, as shown below.

This release is available for the following models:
GL-AR300M Shadow
GL-AR300M16 Shadow
GL-AR750 Creta
GL-AR750S-EXT Slate
GL-B1300 Convexa-B
GL-MT300N-V2 Mango
GL-MT1300 Beryl

Bug fixes

• Fixed deadlock issue in mwan3.

Vulnerability fixes

• Fixed a vulnerability that allowed arbitrary upload files to be created or modified through the API. (CVE-2023-47464)
• Fixed an unauthorized remote code inclusion vulnerability in the webDAV file server. (CVE-2023-47463)
• Fixed an issue of bypassing Nginx authentication through a Lua string pattern matching vulnerability. (CVE-2023-50919)
• Fixed an issue where users bypassed authentication or access control measures by assigning the same session ID each time they restarted. (CVE-2023-50920)
• Fixed an issue where calling the add_user interface in the system module could allow root access. (CVE-2023-50921)
• Fixed a vulnerability that allowed arbitrary shell commands to be executed through carefully crafted package names. (CVE-2023-46454)
• Fixed a path traversal vulnerability in the OpenVPN client file upload, which could lead to arbitrary file writes. (CVE-2023-46455, CVE-2023-46456)
• Fixed a vulnerability that allowed an attacker who stole the AdminToken cookie to upload a crontab-formatted file to a specific directory and wait for it to execute, thereby executing arbitrary code. (CVE-2023-50922)
• Fixed an injection vulnerability in the gl_system_log and gl_crash_log interface in the logread module, which allows arbitrary shell commands to be executed via JSON parameters. (CVE-2023-50445)
• Fixed an injection vulnerability in the upgrade_online interface of the upgrade module, which allowed arbitrary shell commands to be executed through JSON parameters. (CVE-2023-50445)

Cautions

• Your settings can NOT be kept when upgrading to this version from 3.x. Please backup your settings first.
• This version firmware does NOT include the following features:
  • File Sharing
  • Captive Portal
  • Automatic Upgrade
  • RS485
  • GPS
  • Mesh
• This admin panel does NOT include the following languages:
  • French
  • Korean
  • Russian
• Limited by CPU performance and storage space, this version firmware also does NOT include Network Storage fature. (Allow users to install via plug-in after exroot)

OpenWrt Upgrade

• Built based on OpenWrt 22.03.4 (AR300,AR750,AR750S,X300B,X750,XE300,MT300N-V2,MT1300,E750).
• Built based on OpenWrt 21.02.2 (B1300).
• Built based on OpenWrt 18.06 (SFT1200).

New Features

• Added Scheduled Tasks feature.
• Added Overview page to display system loading and set LED.
• Added Multi-WAN feature, allowing users to switch between failover and load balancing modes.
• Added Drop-in Gateway feature.

Optimization

• Refactored and optimized System Architecture.
• Redesigned interface UI.
• Optimized sidebar structure.
• Refactored and optimized repeater feature.
• Refactored and optimized VPN features.
• Refactored and optimized clients feature.
• Optimized Cellular Settings feature.
• Optimized DNS faeture.
• Optimized MAC Clone feature, which has been renamed to MAC address.
• Optimized IPv6 feature with the addition of Native mode.
• Optimized Guest Wi-Fiwith the addition of SSID Visibility option.
• Optimized DDNS Test.
• Optimized connections with GoodCloud.

BUG fix

• Fixed the TTL settings not taking effect when fw4 is used.

System

1. Based on openwrt 19.07.8 (AR150,MIFI,AR300M,USB150,N300,AR750,AR750S,X750,E750,XE300,MT1300,MT300N-V2,MV1000)
   
2. Based on QSDK11 (B1300,S1300,AP1300,B2200,AX1800)
   
3. Based on Siflower SDK (SF1200,SFT1200)
   

Security

1. Fixed shell injection vulnerabilities.
   

New features

1. Support upgrade to sdk4.x.
   

Important bugfix

1. Fixed SF1200/SFT1200 VPN data leaks.
   
2. Fixed MT300N-V2 switch does not reset after the network is restarted.
   
3. Fixed X750 wireless initialization exception.
   
4. Fixed B2200 WiFi mac error.
   
5. Fixed B2200 MESH clients display error.
   
6. Fixed B2200 MESH link instability.
   
7. Fixed B2200 MESH status LED display error.
   
8. Fixed B2200 MESH network failure after the upgrade.
   
9. Fixed B2200 MESH sub-router web error message.
   
10. Fixed AX1800 USB output is powered off because the manual modem reset.
    
11. Fixed Wireguard client reconnect failure in some scenarios.
    
12. Fixed Error occurs when the wireguare client name contains spaces.
    

V4.3.25

Overview

This version fixes some security vulnerabilities.

Synchronize Updated Models

Opal (GL-SFT1200), Beryl (GL-MT1300), Slate (GL-AR750S), Creta (GL-AR750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Mudi (GL-E750), Spitz (GL-X750), Puli (GL-XE300), Convexa-B (GL-B1300).

V4.3.18

Overview

This version fixes some security vulnerabilities.

Supported models

Slate (GL-AR750S), Creta (GL-AR750), Mudi (GL-E750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Puli (GL-XE300), Convexa-B (GL-B1300), Cirrus (GL-AP1300).

V4.3.17

Overview

This version fixes some security vulnerabilities and other bugs.

Supported models

Opal (GL-SFT1200), Beryl (GL-MT1300), Slate (GL-AR750S), Creta (GL-AR750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Mudi (GL-E750), Spitz (GL-X750), Puli (GL-XE300), Convexa-B (GL-B1300).

Bug fixes

• Fixed the issue that the Web may show an error message when modifying the Maximum Number of Users or DHCP Gateway in the LAN page.
• Fixed the issue that some disconnected Wi-Fi clients still show online in the client list.
• Fixed the issue that the color of the online upgrade dialog is abnormal under the dark theme.
• Fixed the issue that GL-SFT1200 can not be upgraded online.
• Fixed the issue that the client device cannot access the Internet IPv6 address in Static IPv6 mode of GL-SFT1200.
• Fixed some interface text errors.

V4.3.11

Overview

This firmware release provides optimizations, bug fixes, and fixes for security vulnerabilities.

Supported Models

GL-AR300M,GL-AR300M16,GL-AR750,GL-AR750S,GL-B1300,GL-MT300N-V2,GL-MT1300,GL-SFT1200 and GL-X750

New features

• Added language support for Korean.
• (Only available on GL-X750) Added some software packages: kmod-fs-vfat, kmod-fs-ntfs, kmod-fs-ext4, e2fsprogs.

Bug fixes

• Fixed an issue with GL-MT300N-V2 where the dip switch and the UI display were reversed.
• Fixed an issue with GL-MT300N-V2 where wireless terminals could not obtain an address after successfully switching to the Extend and WDS modes.
• Fixed an issue where two routers acting as the VPN server and the VPN client respectively could not automatically reconnect after disconnection due to network volatility.
• Fixed an issue where client devices connected through an ethernet cable would not automatically reconnect after the LAN IP address was modified.
• Fixed a conflicted that occurred with GL-SFT1200 between PPPoE protocol with VLAN ID and hardware acceleration.
• Fixed an error that happened when a device using PPPoE protocol first switched to the Extender mode and then restored the Route mode.
• Fixed various known vulnerabilities.

V4.3.10

Overview

This version mainly includes optimizations, bug fixes, and security vulnerability resolutions, as shown below.

This release is available for the following models:
GL-AR300M Shadow
GL-AR300M16 Shadow
GL-AR750 Creta
GL-AR750S-EXT Slate
GL-B1300 Convexa-B
GL-MT300N-V2 Mango
GL-MT1300 Beryl

Bug fixes

• Fixed deadlock issue in mwan3.

Vulnerability fixes

• Fixed a vulnerability that allowed arbitrary upload files to be created or modified through the API. (CVE-2023-47464)
• Fixed an unauthorized remote code inclusion vulnerability in the webDAV file server. (CVE-2023-47463)
• Fixed an issue of bypassing Nginx authentication through a Lua string pattern matching vulnerability. (CVE-2023-50919)
• Fixed an issue where users bypassed authentication or access control measures by assigning the same session ID each time they restarted. (CVE-2023-50920)
• Fixed an issue where calling the add_user interface in the system module could allow root access. (CVE-2023-50921)
• Fixed a vulnerability that allowed arbitrary shell commands to be executed through carefully crafted package names. (CVE-2023-46454)
• Fixed a path traversal vulnerability in the OpenVPN client file upload, which could lead to arbitrary file writes. (CVE-2023-46455, CVE-2023-46456)
• Fixed a vulnerability that allowed an attacker who stole the AdminToken cookie to upload a crontab-formatted file to a specific directory and wait for it to execute, thereby executing arbitrary code. (CVE-2023-50922)
• Fixed an injection vulnerability in the gl_system_log and gl_crash_log interface in the logread module, which allows arbitrary shell commands to be executed via JSON parameters. (CVE-2023-50445)
• Fixed an injection vulnerability in the upgrade_online interface of the upgrade module, which allowed arbitrary shell commands to be executed through JSON parameters. (CVE-2023-50445)

Cautions

• Your settings can NOT be kept when upgrading to this version from 3.x. Please backup your settings first.
• This version firmware does NOT include the following features:
  • File Sharing
  • Captive Portal
  • Automatic Upgrade
  • RS485
  • GPS
  • Mesh
• This admin panel does NOT include the following languages:
  • French
  • Korean
  • Russian
• Limited by CPU performance and storage space, this version firmware also does NOT include Network Storage fature. (Allow users to install via plug-in after exroot)

OpenWrt Upgrade

• Built based on OpenWrt 22.03.4 (AR300,AR750,AR750S,X300B,X750,XE300,MT300N-V2,MT1300,E750).
• Built based on OpenWrt 21.02.2 (B1300).
• Built based on OpenWrt 18.06 (SFT1200).

New Features

• Added Scheduled Tasks feature.
• Added Overview page to display system loading and set LED.
• Added Multi-WAN feature, allowing users to switch between failover and load balancing modes.
• Added Drop-in Gateway feature.

Optimization

• Refactored and optimized System Architecture.
• Redesigned interface UI.
• Optimized sidebar structure.
• Refactored and optimized repeater feature.
• Refactored and optimized VPN features.
• Refactored and optimized clients feature.
• Optimized Cellular Settings feature.
• Optimized DNS faeture.
• Optimized MAC Clone feature, which has been renamed to MAC address.
• Optimized IPv6 feature with the addition of Native mode.
• Optimized Guest Wi-Fiwith the addition of SSID Visibility option.
• Optimized DDNS Test.
• Optimized connections with GoodCloud.

BUG fix

• Fixed the TTL settings not taking effect when fw4 is used.

V4.7.2

Overview

This version introduces several new features and enhancements that improve the interface interaction for overall user experience.

New Features

• Added device initialization wizard, including administrator and WiFi password, networking, VPN and other core function settings.
• Added the Cloud account login function, supporting device binding to the cloud from the firmware web page.
• Added Domain Name List Subscription function, support VPN policy and parental control to subscribe to online domain name or IP list via URL.
• Added the AP Isolation function.
• Added the Luci Access Restriction function.
• Added the Network Port Management page, supporting scheduled and restart of automatic Ethernet MAC updates, WAN/LAN port switching, and displaying network port negotiation rates.
• Added NordVPN, PIA, Surfshark, Hideme, IPVanish WireGuard VPN, and support AzireVPN registration function.

Optimization

• Optimized the process for manually adding the WireGuard client configuration file and supporting automatic key generation.
• Optimized the process for configuring vendor profiles for VPN clients.
• Optimized Repeater random MAC setting, supporting scheduled and restart of automatic Repeater MAC updates.
• Optimized the flow of Multi-WAN load network status detection.
• Optimized OpenVPN Client functionality to allow modification of configuration file names.
• Optimized page names in the web Administration Panel so that the router is host name appears in the browser tab.
• Optimized page interactions such as interface error messages and inputable drop-down list designs.
• Upgraded Tor to version 0.4.8.9.

System

1. Based on openwrt 19.07.8 (AR150,MIFI,AR300M,USB150,N300,AR750,AR750S,X750,E750,XE300,MT1300,MT300N-V2,MV1000)
   
2. Based on QSDK11 (B1300,S1300,AP1300,B2200,AX1800)
   
3. Based on Siflower SDK (SF1200,SFT1200)
   

Security

1. Fixed shell injection vulnerabilities.
   

New features

1. Support upgrade to sdk4.x.
   

Important bugfix

1. Fixed SF1200/SFT1200 VPN data leaks.
   
2. Fixed MT300N-V2 switch does not reset after the network is restarted.
   
3. Fixed X750 wireless initialization exception.
   
4. Fixed B2200 WiFi mac error.
   
5. Fixed B2200 MESH clients display error.
   
6. Fixed B2200 MESH link instability.
   
7. Fixed B2200 MESH status LED display error.
   
8. Fixed B2200 MESH network failure after the upgrade.
   
9. Fixed B2200 MESH sub-router web error message.
   
10. Fixed AX1800 USB output is powered off because the manual modem reset.
    
11. Fixed Wireguard client reconnect failure in some scenarios.
    
12. Fixed Error occurs when the wireguare client name contains spaces.
    

V4.8.3

Cautions

The OpenWRT version has been upgraded. Please do NOT keep settings when downgrading to an earlier version. Please backup your settings first.

Overview

This version introduces several new features and enhancements that improve the interface interaction for the overall user experience.

New Features

• Added VPN multi-instance to support enabling multiple VPN clients simultaneously.
• Added VPN composite policy for traffic diversion based on multiple criteria, including source interface, source MAC address, and destination domain/IP.
• Added an option to enable or disable VPN internet access on the Clients page, which is effective only for MAC-based VPN policies.
• Added the isolation feature between the Guest Network and the Upstream network.
• Added HTTPS support for RTTY.
• Added a one-click option to send logs to technical support.
• Added IPv6 support for VPN.

Optimization

• Refactored the Cellular function for improved performance and user interface, supporting more parameter configurations and status displays.
• Redesigned the UI style, improved the Web Admin Panel topology, and introduced new controls to support the presentation of complex services.
• Optimized the guidance of VPN functionality to simplify usage.
• Optimized VPN configuration to support IPv6.
• Optimized the export of client configuration files for the VPN Server, allowing users to manually enter the server address in the configuration file.
• Optimized the Clients page, supporting quick setting of reserved IP addresses.
• Optimized the Log display to support filtering by Log level, module, and keywords, as well as exporting more debugging information.
• Optimized the GoodCloud platform's device binding functionality.
• Optimized the display of VPN Server page status information.
• Improved the ease of use of the AstroWarp functionality.
• Upgraded OpenVPN to version 2.6.12, support dco to improve OpenVPN performance.
• Upgraded Dnscrypt-proxy to version 2.1.5.
• Upgraded Stubby to version 0.4.3.
• Upgraded Zerotier to version 1.14.1.
• Replaced NTPD with Chrony, which supports the NTS protocol.
• Optimized the Repeater's detection logic of Captive Portal to be compatible with identifying more authentication pages in different formats.
• Optimized the switching logic of the Repeater; when the internet is already connected, the repeater will not scan for available networks to ensure wireless communication quality.
• Optimized the Upgrade function, replacing Release Candidate with Gray Release.

Bug Fixes

• Fixed security vulnerability CVE-2025-44018
• Merge the patch related to CVE-2025-62526.

V4.6.8

Overview

This version mainly focuses on fixing a few known bugs.

Synchronized Updated Models

Flint (GL-AX1800), Slate AX (GL-AXT1800), Beryl AX (GL-MT3000), Brume 2 (GL-MT2500)/(GL-MT2500A), Flint 2 (GL-MT6000).

Improvement

• Upgrade AdGuard Home version to v0.107.52.

Bug Fixes

• Fixed the issue where, after enabling the VPN client and using Global Proxy, enabling AdGuard Home to handle client requests resulted in only localhots 127.0.0.1 appearing in the client list on the settings page.
• Fixed the issue that TCP port can be probed when WireGuard Server is enabled.
• Fixed the issue where the 5G wireless disappeared after the device relayed an upstream device with a 5G channel set to 20M dfs.
• Fixed the issue that resulted in unusual log messages.
• Fixed the issue where the router's own DNS requests always went through the dnsmasq proxy after switching DNS settings on the page.

V4.6.6

Overview

This version mainly focuses on fixing a few known bugs.

Supported Models

Flint (GL-AX1800), Slate AX (GL-AXT1800).

Bug Fixes

• Fixed the issue that v4.2.3 reserved configuration upgrade to v4.6.4 would cause wirelessGUI loss.
• Fixed the problem of abnormal messages appearing in the log.

V4.6.4

Overview

This version mainly focuses on fixing a few known bugs and fixes some security vulnerabilities to enhance the user experience.

Supported Models

GL-AX1800, GL-AXT1800, GL-MT2500/GL-MT2500A, GL-MT3000, GL-MT6000.

Improvement

• Updated WiFi driver(MT3000).

Bug Fixes

• Fixed an issue with DNS leaks when upgrading from version 4.5.x reserved configurations to 4.6.x with VPN connected.
• Fixed the issue that when the 5G main network is not a DFS channel, the 5G main network page will be opened again with a prompt of about 3s for DFS channel availability detection.
• Fixed a relay scan timeout issue when the WiFi was configured with DFS channels.
• Fixed the issue where the relay icon did not turn gray when disconnecting the relay connection while the internet connection mode was set to relay and wired.
• Fixed the issue where language packs were not retained after upgrading with preserved configuration.
• Fixed the issue where PC WebDAV access would show no data, after enabling WebDAV, inserting a USB drive, and rebooting.
• Fixed the issue where RTTY-WEB remote access encountered relay scan errors and failed to relay.
• Fixed a crash of the device's WiFi driver when connecting with a D-Link DWA-192 AC1900 network adapter to 2.4G WiFi.
• Corrected an issue where adding and applying any custom rule in parental control had no effect on Google Chrome.
• Fixed an issue where trunks were configured with static IPs, and the trunks showed up as connected even though the trunks were disconnected.
• Fixed the issue of DNS leakage when VPN Client and DNS encryption are enabled.
• Corrected a problem where switching internet connection modes did not update the IP address in DDNS resolution.
• Fixed an issue where videos and images on the USB drive could not be accessed after inserting a USB drive, enabling DLNA, and soft resetting the device.
• Resolved a DNS leak issue when switching VPN policy from global proxy to IP/domain-based mode.
• Fixed the issue that the client's hostname was reported to the relay's superior after the relay set a random MAC.
• Fixed the issue that the WAN port does not show IPv6 address when connecting to a VPN client and then enabling IPv6.
• Addressed a program crash caused by relay scanning when no other APs were nearby.
• Corrected a crash caused by wireless scanning of SSIDs containing carriage return characters.
• Fixed the issue where accessing the device management page using an IPv6 address displayed incorrect MAC cloning information for Ethernet and relay.
• Fixed the issue where the WebDAV function did not work properly when using an account or password with a length of 64-bit characters.
• Fixed the issue that after pulling Mullvad VPN configuration, when the corresponding Public Key is deleted from the Mullvad website and the configuration is pulled again, the IP address in the pulled configuration changes to 'The'.
• Resolved the issue of relay scanning crashing when IBSS exists in the surrounding area.
• Fixed the issue where firewall rules would occasionally disappear after rebooting the device following a connection to wgclient.
• Fixed the issue where dip switch is bound to wireguard client, the device turns on ovpn client, and restarting the device causes vpn policy to fail.
• Fixed the issue where the killswitch failed to work when the DNS service was proxied by the AdGuard program or an encrypted DNS program, and the VPN was in a connected state.

V4.6.2

Overview

This version mainly provides the following improvements:

• Improved the user experience with the repeater feature. Resolved an issue where most hotspots using Captive Portal could not be repeated.
• Improved the display of IPv6 addresses, and added support for customization of the interface language packs.

Supported models

Flint (GL-AX1800), Slate AX (GL-AXT1800), Beryl AX (GL-MT3000), Brume 2 (GL-MT2500)/(GL-MT2500A), Flint 2 (GL-MT6000).

New features

• Added the Login Mode for Public Hotspots and the Camouflage Mode. This resolved an issue where most hotspots using Captive Portal could not be repeated.
• Added the option to use a randomized BSSID to prevent devices from being traced by BSSID.
• Added the UI language pack management feature. This allows adding additional language packs and subscribing to language pack updates.
• Added an option to choose whether the VPN interface uses manually configured DNS. This allows using the VPN's DNS servers, if Encrypted DNS or AdGuard Home is enabled.
• Added support for port range forwarding and port forwarding rule prioritization options.
• Added TTL, HL, and MTU options for each interface.
• Added support for connecting to Wi-Fi via QR code.

Improvements

• Optimized the repeater feature to enhance performance and user experience. Added support for configuring MAC address for SSIDs individually.
• Optimized the display of IPv6 address on the Internet page and the Client page.
• Optimized the MAC address setting logic to support cloning or setting random MAC addresses for each interface.
• Optimized the status display on the Tethering interface to make a clear distinction between 'disabled' and 'enabled but no device'.
• Optimized the port forwarding feature. It now has its own page within the admin panel and can function simultaneously as DMZ. The port opening (previously on the Firewall page) has been moved to the Security page.
• Optimized the logic of jumping after LAN IP is modified so that users do not need to sign in again.
• Optimized the logic of guest network enabling. If guest Wi-Fi is disabled, guest network will also be disabled.
• Optimized the logic of toggle switches. When rebooting a device, the enabling status of corresponding services (such as VPN) will be set according to the status of the toggle switch.
• Removed the length restriction on mobile phone number in SMS sending and forwarding.
• Removed the option 'Force 20MHz Bandwidth For 2.4G' from the Repeater settings.
• Upgraded AdGuard Home to version 0.107.46.

Bug fixes

• Fixed an issue where reserved IP addresses were incorrectly sorted by IP if the IP address range was large.
• Fixed instances where abnormal issues would occur during firmware grade when “keep settings” was selected during IPv6 mode.
• Fixed an issue where the reset feature would not work when Tailscale was enabled.
• Fixed an issue where parental controls would not properly resolve domain names using capital letters (e.g., WWW.GOOGLE.COM).
• Fixed an issue where manually configured routes would not work in some cases when the VPN client was in custom routing proxy mode.
• Fixed an issue where the cellular interface would incorrectly determine the internet status of the IPv6 protocol.
• Fixed an issue where the manual DNS server address in the DNS interface would be invalid after disabling AdGuard Home.
• Fixed an issue where the imported WireGuard profiles with multi-line AllowedIPs entries were parsed incorrectly.
• Fixed an issue where re-uploading an OpenVPN profile ZIP file with an additional certificate file would not overwrite the old certificate file upload the first time. (This caused some configurations provided by the VPN service providers to not update properly when manually uploaded again.)
• Fixed an issue where the router would not recognize USB cellular modems using the M2 EM05G model.
• Fixed an issue that prevented the VPN from properly following the interface connection status for failover to function when using policy-based proxy mode.

V4.5.16

Overview

This firmware release provides fixes to some bugs and security vulnerabilities.

Supported Models

GL-A1300 Slate Plus, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-MT3000 Beryl AX, GL-MT2500/GL-MT2500A Brume 2

Improvements

• Optimized the client IP assignment policy in TAP-S2S mode when the device subnets of OpenVPN Client and OpenVPN Server were the same.
• Upgraded Tailscale to version 1.58.2.

Bug fixes

• Fixed an issue where multiple parsed AllowedIPs were incorrect when parsing the uploaded WireGuard client configuration files.
• Fixed an IP conflict issue that occured when adding a client profile to WireGuard after modifying the PeerIP of the WireGuard server configuration via SSH.
• Fixed an issue where the router’s Tailscale service data would be forwarded through a VPN tunnel when the VPN Client global mode was enabled.
• Fixed an issue where inbound data from non-VPN interfaces would not trigger port forwarding rules when VPN was enabled.
• Fixed an issue where some devices from the TAP-S2S OpenVPN client would not display properly on the client page.
• Fixed an issue where the OpenVPN server certificate may be lost after rebooting the device.
• Fixed an issue where the address’s description field was lost after upgrading to firmware v4.5.0 from v4.4.x when the user chose to keep router settings.
• Fixed an issue where selecting manual mode on the MAC address page and entering the factory default MAC address on the ethernet page would result in an unsuccessful configuration even after connecting to the repeater successfully at first.
• Fixed an issue where the network speed limit feature was still activated after enabling network speed limit, enabling network acceleration, and rebooting the device.
• Fixed some known vulnerabilities.

V4.5.0

Overview

This release version mainly enhances network security and fixes known issues with network status detection, providing users with the option to manually add languages in the language community and the option to pre-emptively experience the new version. It is compatible with Full Cone NAT and SIP ALG features found in other routers. Optimization, bug fixing, and vulnerability repair for more vendors are shown below.

This release is available for the following models:
GL-A1300 Slate Plus
GL-AX1800 Flint
GL-AXT1800 Slate AX
GL-MT3000 Beryl AX
GL-MT2500/GL-MT2500A Brume 2
GL-X300B Collie

New features

• Reconstructed mwan3 and renamed it as kmwan. Optimized failover and load balancing, as well as network status in various scenarios.
• Added the Security configuration page.
• Added grayscale testing design. Added RC version subscription and upgrade.
• Added the communityization of language packs to support manual addition.
• Added support for IPoE, and support for configuring VLAN ID during DHCP and static dialing.
• Added Full Cone NAT function.
• Added the SIP ALG option.
• Added new temperature protection setting for MTK Wi-Fi.

Improvements

• Optimized the side route UI interaction and add the option to turn off the DHCP server itself.
• Optimized the restart process of the relay program.
• [Only for GL-X300B Collie] Optimized the functionality of RS485, the UI, and localization.
• Optimized the Tailscale mechanism.
• Updated language files and pull translation scripts.

Bug fixes

• Fixed an issue where the interface jumped due to the incorrect change in the client's online time.
• Fixed an issue with the TTL settings not taking effect.
• Fixed an issue where scanning always indicated that it was in DFS when all interfaces were disabled.
• Fixed an issue of failing to enable Wi-Fi for the first time after upgrading.
• Fixed an issue of failing to connect to the AP due to a failure to parse IE_HT_CAP.

Vulnerability fixes

• Fixed a vulnerability that allowed arbitrary upload files to be created or modified through the API. (CVE-2023-47464)
• Fixed an unauthorized remote code inclusion vulnerability in the webDAV file server. (CVE-2023-47463)
• Fixed an issue of bypassing Nginx authentication through a Lua string pattern matching vulnerability. (CVE-2023-50919)
• Fixed an issue where users bypassed authentication or access control measures by assigning the same session ID each time they restarted. (CVE-2023-50920)
• Fixed an issue where calling the add_user interface in the system module could allow root access. (CVE-2023-50921)
• Fixed a vulnerability that allowed arbitrary shell commands to be executed through carefully crafted package names. (CVE-2023-46454)
• Fixed a path traversal vulnerability in the OpenVPN client file upload, which could lead to arbitrary file writes. (CVE-2023-46455, CVE-2023-46456)
• Fixed a vulnerability that allowed an attacker who stole the AdminToken cookie to upload a crontab-formatted file to a specific directory and wait for it to execute, thereby executing arbitrary code. (CVE-2023-50922)
• Fixed an injection vulnerability in the gl_system_log and gl_crash_log interface in the logread module, which allows arbitrary shell commands to be executed via JSON parameters. (CVE-2023-50445)
• Fixed an injection vulnerability in the upgrade_online interface of the upgrade module, which allowed arbitrary shell commands to be executed through JSON parameters. (CVE-2023-50445)

V4.4.6 - Sep 8,2023

VPN

• Fixed the problem that the OpenVPN client cannot access the Internet after dialing up, either by rebooting the router or by restarting the feature.

WireGuard

• Fixed the problem that WireGuard client gets error 'Error: inet6 prefix is expected rather than' when connecting to server.
• Fixed the problem that the WireGuard client of the device under test does not disconnect after the WireGuard server of the device accompanying the test is shut down, and keeps showing the connection status.

Repeater

• Fixed the problem that the wireless network connection is abnormal after the router repeater DFS channel.

Tailscale

• Fixed the problem that when using PPPoE dialup, the Internet cannot be accessed when tailscale is enabled.
• Fixed the problem that the Good Cloud platform fails to connect when Tailscale is enabled.

Clients

• Fixed the problem that the black/white list function is not compatible with the old version of blacklist.

Upgrade

• Fixed the problem that online upgrade reports error '-4,fetch firmware name fail: network unreachable'.

DDNS

• Fixed the problem that all TCP ports are opened when DDNS is enabled to allow http/https access in reserved configurations.

LAN

• Fixed the problem that br-lan occasionally hangs when changing LAN IP.

Bug Fixes

Fixed the problem that after the MT3000 relays the 160M Hz hotspot, the AP becomes 20M.
Fixed the problem that the AX/AXT1800 cannot access the AP itself after relaying the DFS 140 channel.
Fixed the problem that parental control cannot block blacklist websites in newer browsers.
Fixed the externder working mode, the superior cannot ping the subordinate.
Fixed the problem that openvpn port forwarding fails after the reserved configuration is upgraded.
Fix the problem that mqtt cannot report SSID.
Fixed the problem that ddns occasional interface return error.
Fixed The relay cannot connect to Huawei TC7102 160MHz 5GWiFi.
Fix single sim card slot does not return dual sim card slot information.
Fixed the problem that after the adguardhome function is turned on on the A1300 and the adguardhome is turned off, the visitor has no network.
Fixed the problem that Openvpn Server and wireguard Server shut down remote access to the LAN subnet, but the Openvpn and wireguard clients can still access the IP address of the PC on the LAN side of the server.
Fixed the AP bridge mode, the bridge is not successful. The address assigned by the superior cannot be obtained.
Support-EM160R-EM060K-EM120K-RM520N-modem.
Fixed the problem that A1300 cannot recognize USB3.0 external modem.
Fixed the problem of abnormal equipment caused by the time zone or 160M bandwidth issued by the GoodCloud.
Correct the display problem of the LED light in the unconnected network mode.
Fixed the problem of unsuccessful dialing using external modem, QMI and QCM protocol dialing.
Roll back MTK SDK from v7.6.7.0 to v7.6.6.1.

Bug Fixes

Fixed a problem where the WiFi configuration page showed unavailable channel options.
Fixed a problem where NordVPN could not resolve DNS after keeping settings upgrade.
Fixed a problem where GL-MT3000 failed to recognize USB3.0 modem.
Fixed a problem where the IPV6 rate limiting does not take effect.
Fixed a problem where GL-MT3000 failed to repeat to iPhone 13 and TP-LINK ACR700.
Fixed a memory leak problem in GL-MT3000 when using QCM protocol.
Fixed a probabilistic issue where GL-MT3000 could not apply OpenVPN username and password.
Fixed switch button not taking effect when parental control is enabled on GL-A1300.
Fixed a BUG where clients could not access the internet after failover.

Optimizations

Disabled nginx access logs.
Optimized the MWAN3 online detection threshold.
Optimized the synchronization of configuration files in abnormal situations.
Optimized the repeater scan time of GL-MT3000.

Software Upgrade

Upgraded AdguardHome to V0.107.26.

Optimization

Improved IPv6 LAN Mode options. Separates the native and passthrough modes.
Improved the results and hints of the DDNS test.
Improved drop-in gateway feature with DHCP-based solution to increase stability.
Improved LED lighting logic to ensure consistency with the UI.
Improved interaction for MAC address cloning.
Improved networking status alerts in Internet page.
Improved interface tracking settings description for Multi-WAN.
Improved login page with automatic focus to password input box.
Improved VPN client configuration file view with files sorted by name.
Improved the switch name in the VPN global options for whether the GL.iNet service uses VPN or not.
Improved the interaction of set read-only users to read-write users in network storage.
Improved ADGuard Home feature to support seeing which client the request is coming from.

Language

Added German language.

New feature

Added Parental Control feature.
Added Zerotier feature.
Added Tailscale feature.
Added Clear Traffic Statistics button for in client page.
Added DHCP Gateway option for LAN.
Added SSID Visibility option for guest Wi-Fi.
Added support for GoodCloud alerts when new clients join.
Added support for comments for domain and IP profiles in VPN policy.

V4.8.4

Overview

This version mainly fixed some known bugs.

Optimization

• Optimized the AstroWarp feature design, allowing users to connect to the router using an access code without binding account or complex configurations. Users can also manage connections and top up plans directly on the router interface.

New Features

• Added support for the AmneziaWG 2.0 obfuscation protocol.

Important bugfix

1. fix ipv6: test-ipv6.com report fail
   
2. fix router policy mem leak
   
3. fix "cmnos_thread.c: 3656" type of wifi crash
   

New features

1. supports side router setup
   

V4.8.3

Overview

This version mainly fixed some known bugs and security vulnerabilities.

V4.8.2

Cautions

The OpenWRT version has been upgraded. Please do NOT keep settings when downgrading to an earlier version. Please backup your settings first.

Overview

This version introduces several new features and enhancements that improve the interface interaction for the overall user experience.

New Features

• Added VPN multi-instance to support enabling multiple VPN clients simultaneously.
• Added VPN composite policy for traffic diversion based on multiple criteria, including source interface, source MAC address, and destination domain/IP.
• Added an option to enable or disable VPN internet access on the Clients page, which is effective only for MAC-based VPN policies.
• Added the isolation feature between the Guest Network and the Upstream network.
• Added HTTPS support for RTTY.
• Added a one-click option to send logs to technical support.
• Added IPv6 support for VPN.

Optimization

• Refactored the Cellular function for improved performance and user interface, supporting more parameter configurations and status displays.
• Redesigned the UI style, improved the Web Admin Panel topology, and introduced new controls to support the presentation of complex services.
• Optimized toggle switch functionality to support Repeater, Wi-Fi and LED light control.
• Optimized the guidance of VPN functionality to simplify usage.
• Optimized VPN configuration to support IPv6.
• Optimized the export of client configuration files for the VPN Server, allowing users to manually enter the server address in the configuration file.
• Optimized the Clients page, supporting quick setting of reserved IP addresses.
• Optimized the Log display to support filtering by Log level, module, and keywords, as well as exporting more debugging information.
• Optimized the GoodCloud platform's device binding functionality.
• Optimized the display of VPN Server page status information.
• Optimized the Repeater auto-switching logic.
• Improved the ease of use of the AstroWarp functionality.
• Upgraded OpenVPN to version 2.6.12.
• Upgraded Dnscrypt-proxy to version 2.1.5.
• Upgraded Stubby to version 0.4.3.
• Upgraded Zerotier to version 1.14.1.

Bug Fixes

• Fixed security vulnerability CVE-2025-44018

V4.6.11

Overview

This version mainly fixes some known bugs.

Synchronized Updated Model

Slate AX (GL-AXT1800).

Bug Fixes

• Fixed the issue of abnormal transmit power in some cases.
• Fixed the problem of abnormal display of channel list in some cases.

V4.6.8

Overview

This version mainly focuses on fixing a few known bugs.

Synchronized Updated Models

Flint (GL-AX1800), Slate AX (GL-AXT1800), Beryl AX (GL-MT3000), Brume 2 (GL-MT2500)/(GL-MT2500A), Flint 2 (GL-MT6000).

Improvement

• Upgrade AdGuard Home version to v0.107.52.

Bug Fixes

• Fixed the issue where, after enabling the VPN client and using Global Proxy, enabling AdGuard Home to handle client requests resulted in only localhots 127.0.0.1 appearing in the client list on the settings page.
• Fixed the issue that TCP port can be probed when WireGuard Server is enabled.
• Fixed the issue where the 5G wireless disappeared after the device relayed an upstream device with a 5G channel set to 20M dfs.
• Fixed the issue that resulted in unusual log messages.
• Fixed the issue where the router's own DNS requests always went through the dnsmasq proxy after switching DNS settings on the page.

V4.6.4

Overview

This version mainly focuses on fixing a few known bugs and fixes some security vulnerabilities to enhance the user experience.

Supported Models

GL-AX1800, GL-AXT1800, GL-MT2500/GL-MT2500A, GL-MT3000, GL-MT6000.

Improvement

• Updated WiFi driver(MT3000).

Bug Fixes

• Fixed an issue with DNS leaks when upgrading from version 4.5.x reserved configurations to 4.6.x with VPN connected.
• Fixed the issue that when the 5G main network is not a DFS channel, the 5G main network page will be opened again with a prompt of about 3s for DFS channel availability detection.
• Fixed a relay scan timeout issue when the WiFi was configured with DFS channels.
• Fixed the issue where the relay icon did not turn gray when disconnecting the relay connection while the internet connection mode was set to relay and wired.
• Fixed the issue where language packs were not retained after upgrading with preserved configuration.
• Fixed the issue where PC WebDAV access would show no data, after enabling WebDAV, inserting a USB drive, and rebooting.
• Fixed the issue where RTTY-WEB remote access encountered relay scan errors and failed to relay.
• Fixed a crash of the device's WiFi driver when connecting with a D-Link DWA-192 AC1900 network adapter to 2.4G WiFi.
• Corrected an issue where adding and applying any custom rule in parental control had no effect on Google Chrome.
• Fixed an issue where trunks were configured with static IPs, and the trunks showed up as connected even though the trunks were disconnected.
• Fixed the issue of DNS leakage when VPN Client and DNS encryption are enabled.
• Corrected a problem where switching internet connection modes did not update the IP address in DDNS resolution.
• Fixed an issue where videos and images on the USB drive could not be accessed after inserting a USB drive, enabling DLNA, and soft resetting the device.
• Resolved a DNS leak issue when switching VPN policy from global proxy to IP/domain-based mode.
• Fixed the issue that the client's hostname was reported to the relay's superior after the relay set a random MAC.
• Fixed the issue that the WAN port does not show IPv6 address when connecting to a VPN client and then enabling IPv6.
• Addressed a program crash caused by relay scanning when no other APs were nearby.
• Corrected a crash caused by wireless scanning of SSIDs containing carriage return characters.
• Fixed the issue where accessing the device management page using an IPv6 address displayed incorrect MAC cloning information for Ethernet and relay.
• Fixed the issue where the WebDAV function did not work properly when using an account or password with a length of 64-bit characters.
• Fixed the issue that after pulling Mullvad VPN configuration, when the corresponding Public Key is deleted from the Mullvad website and the configuration is pulled again, the IP address in the pulled configuration changes to 'The'.
• Resolved the issue of relay scanning crashing when IBSS exists in the surrounding area.
• Fixed the issue where firewall rules would occasionally disappear after rebooting the device following a connection to wgclient.
• Fixed the issue where dip switch is bound to wireguard client, the device turns on ovpn client, and restarting the device causes vpn policy to fail.
• Fixed the issue where the killswitch failed to work when the DNS service was proxied by the AdGuard program or an encrypted DNS program, and the VPN was in a connected state.

V4.6.2

Overview

This version mainly provides the following improvements:

• Improved the user experience with the repeater feature. Resolved an issue where most hotspots using Captive Portal could not be repeated.
• Improved the display of IPv6 addresses, and added support for customization of the interface language packs.

Supported models

Flint (GL-AX1800), Slate AX (GL-AXT1800), Beryl AX (GL-MT3000), Brume 2 (GL-MT2500)/(GL-MT2500A), Flint 2 (GL-MT6000).

New features

• Added the Login Mode for Public Hotspots and the Camouflage Mode. This resolved an issue where most hotspots using Captive Portal could not be repeated.
• Added the option to use a randomized BSSID to prevent devices from being traced by BSSID.
• Added the UI language pack management feature. This allows adding additional language packs and subscribing to language pack updates.
• Added an option to choose whether the VPN interface uses manually configured DNS. This allows using the VPN's DNS servers, if Encrypted DNS or AdGuard Home is enabled.
• Added support for port range forwarding and port forwarding rule prioritization options.
• Added TTL, HL, and MTU options for each interface.
• Added support for connecting to Wi-Fi via QR code.

Improvements

• Optimized the repeater feature to enhance performance and user experience. Added support for configuring MAC address for SSIDs individually.
• Optimized the display of IPv6 address on the Internet page and the Client page.
• Optimized the MAC address setting logic to support cloning or setting random MAC addresses for each interface.
• Optimized the status display on the Tethering interface to make a clear distinction between 'disabled' and 'enabled but no device'.
• Optimized the port forwarding feature. It now has its own page within the admin panel and can function simultaneously as DMZ. The port opening (previously on the Firewall page) has been moved to the Security page.
• Optimized the logic of jumping after LAN IP is modified so that users do not need to sign in again.
• Optimized the logic of guest network enabling. If guest Wi-Fi is disabled, guest network will also be disabled.
• Optimized the logic of toggle switches. When rebooting a device, the enabling status of corresponding services (such as VPN) will be set according to the status of the toggle switch.
• Removed the length restriction on mobile phone number in SMS sending and forwarding.
• Removed the option 'Force 20MHz Bandwidth For 2.4G' from the Repeater settings.
• Upgraded AdGuard Home to version 0.107.46.

Bug fixes

• Fixed an issue where reserved IP addresses were incorrectly sorted by IP if the IP address range was large.
• Fixed instances where abnormal issues would occur during firmware grade when “keep settings” was selected during IPv6 mode.
• Fixed an issue where the reset feature would not work when Tailscale was enabled.
• Fixed an issue where parental controls would not properly resolve domain names using capital letters (e.g., WWW.GOOGLE.COM).
• Fixed an issue where manually configured routes would not work in some cases when the VPN client was in custom routing proxy mode.
• Fixed an issue where the cellular interface would incorrectly determine the internet status of the IPv6 protocol.
• Fixed an issue where the manual DNS server address in the DNS interface would be invalid after disabling AdGuard Home.
• Fixed an issue where the imported WireGuard profiles with multi-line AllowedIPs entries were parsed incorrectly.
• Fixed an issue where re-uploading an OpenVPN profile ZIP file with an additional certificate file would not overwrite the old certificate file upload the first time. (This caused some configurations provided by the VPN service providers to not update properly when manually uploaded again.)
• Fixed an issue where the router would not recognize USB cellular modems using the M2 EM05G model.
• Fixed an issue that prevented the VPN from properly following the interface connection status for failover to function when using policy-based proxy mode.

V4.5.16

Overview

This firmware release provides fixes to some bugs and security vulnerabilities.

Supported Models

GL-A1300 Slate Plus, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-MT3000 Beryl AX, GL-MT2500/GL-MT2500A Brume 2

Improvements

• Optimized the client IP assignment policy in TAP-S2S mode when the device subnets of OpenVPN Client and OpenVPN Server were the same.
• Upgraded Tailscale to version 1.58.2.

Bug fixes

• Fixed an issue where multiple parsed AllowedIPs were incorrect when parsing the uploaded WireGuard client configuration files.
• Fixed an IP conflict issue that occured when adding a client profile to WireGuard after modifying the PeerIP of the WireGuard server configuration via SSH.
• Fixed an issue where the router’s Tailscale service data would be forwarded through a VPN tunnel when the VPN Client global mode was enabled.
• Fixed an issue where inbound data from non-VPN interfaces would not trigger port forwarding rules when VPN was enabled.
• Fixed an issue where some devices from the TAP-S2S OpenVPN client would not display properly on the client page.
• Fixed an issue where the OpenVPN server certificate may be lost after rebooting the device.
• Fixed an issue where the address’s description field was lost after upgrading to firmware v4.5.0 from v4.4.x when the user chose to keep router settings.
• Fixed an issue where selecting manual mode on the MAC address page and entering the factory default MAC address on the ethernet page would result in an unsuccessful configuration even after connecting to the repeater successfully at first.
• Fixed an issue where the network speed limit feature was still activated after enabling network speed limit, enabling network acceleration, and rebooting the device.
• Fixed some known vulnerabilities.

V4.5.0

Overview

This release version mainly enhances network security and fixes known issues with network status detection, providing users with the option to manually add languages in the language community and the option to pre-emptively experience the new version. It is compatible with Full Cone NAT and SIP ALG features found in other routers. Optimization, bug fixing, and vulnerability repair for more vendors are shown below.

This release is available for the following models:
GL-A1300 Slate Plus
GL-AX1800 Flint
GL-AXT1800 Slate AX
GL-MT3000 Beryl AX
GL-MT2500/GL-MT2500A Brume 2
GL-X300B Collie

New features

• Reconstructed mwan3 and renamed it as kmwan. Optimized failover and load balancing, as well as network status in various scenarios.
• Added the Security configuration page.
• Added grayscale testing design. Added RC version subscription and upgrade.
• Added the communityization of language packs to support manual addition.
• Added support for IPoE, and support for configuring VLAN ID during DHCP and static dialing.
• Added Full Cone NAT function.
• Added the SIP ALG option.
• Added new temperature protection setting for MTK Wi-Fi.

Improvements

• Optimized the side route UI interaction and add the option to turn off the DHCP server itself.
• Optimized the restart process of the relay program.
• [Only for GL-X300B Collie] Optimized the functionality of RS485, the UI, and localization.
• Optimized the Tailscale mechanism.
• Updated language files and pull translation scripts.

Bug fixes

• Fixed an issue where the interface jumped due to the incorrect change in the client's online time.
• Fixed an issue with the TTL settings not taking effect.
• Fixed an issue where scanning always indicated that it was in DFS when all interfaces were disabled.
• Fixed an issue of failing to enable Wi-Fi for the first time after upgrading.
• Fixed an issue of failing to connect to the AP due to a failure to parse IE_HT_CAP.

Vulnerability fixes

• Fixed a vulnerability that allowed arbitrary upload files to be created or modified through the API. (CVE-2023-47464)
• Fixed an unauthorized remote code inclusion vulnerability in the webDAV file server. (CVE-2023-47463)
• Fixed an issue of bypassing Nginx authentication through a Lua string pattern matching vulnerability. (CVE-2023-50919)
• Fixed an issue where users bypassed authentication or access control measures by assigning the same session ID each time they restarted. (CVE-2023-50920)
• Fixed an issue where calling the add_user interface in the system module could allow root access. (CVE-2023-50921)
• Fixed a vulnerability that allowed arbitrary shell commands to be executed through carefully crafted package names. (CVE-2023-46454)
• Fixed a path traversal vulnerability in the OpenVPN client file upload, which could lead to arbitrary file writes. (CVE-2023-46455, CVE-2023-46456)
• Fixed a vulnerability that allowed an attacker who stole the AdminToken cookie to upload a crontab-formatted file to a specific directory and wait for it to execute, thereby executing arbitrary code. (CVE-2023-50922)
• Fixed an injection vulnerability in the gl_system_log and gl_crash_log interface in the logread module, which allows arbitrary shell commands to be executed via JSON parameters. (CVE-2023-50445)
• Fixed an injection vulnerability in the upgrade_online interface of the upgrade module, which allowed arbitrary shell commands to be executed through JSON parameters. (CVE-2023-50445)

V4.4.6 - Sep 8,2023

VPN

• Fixed the problem that the OpenVPN client cannot access the Internet after dialing up, either by rebooting the router or by restarting the feature.

WireGuard

• Fixed the problem that WireGuard client gets error 'Error: inet6 prefix is expected rather than' when connecting to server.
• Fixed the problem that the WireGuard client of the device under test does not disconnect after the WireGuard server of the device accompanying the test is shut down, and keeps showing the connection status.

Repeater

• Fixed the problem that the wireless network connection is abnormal after the router repeater DFS channel.

Tailscale

• Fixed the problem that when using PPPoE dialup, the Internet cannot be accessed when tailscale is enabled.
• Fixed the problem that the Good Cloud platform fails to connect when Tailscale is enabled.

Clients

• Fixed the problem that the black/white list function is not compatible with the old version of blacklist.

Upgrade

• Fixed the problem that online upgrade reports error '-4,fetch firmware name fail: network unreachable'.

DDNS

• Fixed the problem that all TCP ports are opened when DDNS is enabled to allow http/https access in reserved configurations.

LAN

• Fixed the problem that br-lan occasionally hangs when changing LAN IP.

Bug Fixes

Fixed the problem that after the MT3000 relays the 160M Hz hotspot, the AP becomes 20M.
Fixed the problem that the AX/AXT1800 cannot access the AP itself after relaying the DFS 140 channel.
Fixed the problem that parental control cannot block blacklist websites in newer browsers.
Fixed the externder working mode, the superior cannot ping the subordinate.
Fixed the problem that openvpn port forwarding fails after the reserved configuration is upgraded.
Fix the problem that mqtt cannot report SSID.
Fixed the problem that ddns occasional interface return error.
Fixed The relay cannot connect to Huawei TC7102 160MHz 5GWiFi.
Fix single sim card slot does not return dual sim card slot information.
Fixed the problem that after the adguardhome function is turned on on the A1300 and the adguardhome is turned off, the visitor has no network.
Fixed the problem that Openvpn Server and wireguard Server shut down remote access to the LAN subnet, but the Openvpn and wireguard clients can still access the IP address of the PC on the LAN side of the server.
Fixed the AP bridge mode, the bridge is not successful. The address assigned by the superior cannot be obtained.
Support-EM160R-EM060K-EM120K-RM520N-modem.
Fixed the problem that A1300 cannot recognize USB3.0 external modem.
Fixed the problem of abnormal equipment caused by the time zone or 160M bandwidth issued by the GoodCloud.
Correct the display problem of the LED light in the unconnected network mode.
Fixed the problem of unsuccessful dialing using external modem, QMI and QCM protocol dialing.
Roll back MTK SDK from v7.6.7.0 to v7.6.6.1.

Optimizations

Disabled nginx access logs.
Optimized the MWAN3 online detection threshold.
Optimized the synchronization of configuration files in abnormal situations.
Optimized the repeater scan time of GL-MT3000.

Software Upgrade

Upgraded AdguardHome to V0.107.26.

Bug Fixes

Fixed a problem where the WiFi configuration page showed unavailable channel options.
Fixed a problem where NordVPN could not resolve DNS after keeping settings upgrade.
Fixed a problem where GL-MT3000 failed to recognize USB3.0 modem.
Fixed a problem where the IPV6 rate limiting does not take effect.
Fixed a problem where GL-MT3000 failed to repeat to iPhone 13 and TP-LINK ACR700.
Fixed a memory leak problem in GL-MT3000 when using QCM protocol.
Fixed a probabilistic issue where GL-MT3000 could not apply OpenVPN username and password.
Fixed switch button not taking effect when parental control is enabled on GL-A1300.
Fixed a BUG where clients could not access the internet after failover.

Language

Added German language.

New feature

Added Parental Control feature.
Added Zerotier feature.
Added Tailscale feature.
Added Clear Traffic Statistics button for in client page.
Added DHCP Gateway option for LAN.
Added SSID Visibility option for guest Wi-Fi.
Added support for GoodCloud alerts when new clients join.
Added support for comments for domain and IP profiles in VPN policy.

Optimization

Improved IPv6 LAN Mode options. Separates the native and passthrough modes.
Improved the results and hints of the DDNS test.
Improved drop-in gateway feature with DHCP-based solution to increase stability.
Improved LED lighting logic to ensure consistency with the UI.
Improved interaction for MAC address cloning.
Improved networking status alerts in Internet page.
Improved interface tracking settings description for Multi-WAN.
Improved login page with automatic focus to password input box.
Improved VPN client configuration file view with files sorted by name.
Improved the switch name in the VPN global options for whether the GL.iNet service uses VPN or not.
Improved the interaction of set read-only users to read-write users in network storage.
Improved ADGuard Home feature to support seeing which client the request is coming from.

V4.8.4

Overview

This version mainly fixed some known bugs and security vulnerabilities.

Optimization

• Optimized the AstroWarp feature design, allowing users to connect to the router using an access code without binding account or complex configurations. Users can also manage connections and top up plans directly on the router interface.

New Features

• Added support for the AmneziaWG 2.0 obfuscation protocol.

V4.3.25

Overview

This version fixes some security vulnerabilities.

Synchronize Updated Models

Opal (GL-SFT1200), Beryl (GL-MT1300), Slate (GL-AR750S), Creta (GL-AR750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Mudi (GL-E750), Spitz (GL-X750), Puli (GL-XE300), Convexa-B (GL-B1300).

V4.3.18

Overview

This version fixes some security vulnerabilities.

Supported models

Slate (GL-AR750S), Creta (GL-AR750), Mudi (GL-E750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Puli (GL-XE300), Convexa-B (GL-B1300), Cirrus (GL-AP1300).

V4.3.17

Overview

This version fixes some security vulnerabilities and other bugs.

Supported models

Opal (GL-SFT1200), Beryl (GL-MT1300), Slate (GL-AR750S), Creta (GL-AR750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Mudi (GL-E750), Spitz (GL-X750), Puli (GL-XE300), Convexa-B (GL-B1300).

Bug fixes

• Fixed the issue that the Web may show an error message when modifying the Maximum Number of Users or DHCP Gateway in the LAN page.
• Fixed the issue that some disconnected Wi-Fi clients still show online in the client list.
• Fixed the issue that the color of the online upgrade dialog is abnormal under the dark theme.
• Fixed the issue that GL-SFT1200 can not be upgraded online.
• Fixed the issue that the client device cannot access the Internet IPv6 address in Static IPv6 mode of GL-SFT1200.
• Fixed some interface text errors.

V4.3.11

Overview

This firmware release provides optimizations, bug fixes, and fixes for security vulnerabilities.

Supported Models

GL-AR300M,GL-AR300M16,GL-AR750,GL-AR750S,GL-B1300,GL-MT300N-V2,GL-MT1300,GL-SFT1200 and GL-X750

New features

• Added language support for Korean.
• (Only available on GL-X750) Added some software packages: kmod-fs-vfat, kmod-fs-ntfs, kmod-fs-ext4, e2fsprogs.

Bug fixes

• Fixed an issue with GL-MT300N-V2 where the dip switch and the UI display were reversed.
• Fixed an issue with GL-MT300N-V2 where wireless terminals could not obtain an address after successfully switching to the Extend and WDS modes.
• Fixed an issue where two routers acting as the VPN server and the VPN client respectively could not automatically reconnect after disconnection due to network volatility.
• Fixed an issue where client devices connected through an ethernet cable would not automatically reconnect after the LAN IP address was modified.
• Fixed a conflicted that occurred with GL-SFT1200 between PPPoE protocol with VLAN ID and hardware acceleration.
• Fixed an error that happened when a device using PPPoE protocol first switched to the Extender mode and then restored the Route mode.
• Fixed various known vulnerabilities.

V4.3.10

Overview

This version mainly includes optimizations, bug fixes, and security vulnerability resolutions, as shown below.

This release is available for the following models:
GL-AR300M Shadow
GL-AR300M16 Shadow
GL-AR750 Creta
GL-AR750S-EXT Slate
GL-B1300 Convexa-B
GL-MT300N-V2 Mango
GL-MT1300 Beryl

Bug fixes

• Fixed deadlock issue in mwan3.

Vulnerability fixes

• Fixed a vulnerability that allowed arbitrary upload files to be created or modified through the API. (CVE-2023-47464)
• Fixed an unauthorized remote code inclusion vulnerability in the webDAV file server. (CVE-2023-47463)
• Fixed an issue of bypassing Nginx authentication through a Lua string pattern matching vulnerability. (CVE-2023-50919)
• Fixed an issue where users bypassed authentication or access control measures by assigning the same session ID each time they restarted. (CVE-2023-50920)
• Fixed an issue where calling the add_user interface in the system module could allow root access. (CVE-2023-50921)
• Fixed a vulnerability that allowed arbitrary shell commands to be executed through carefully crafted package names. (CVE-2023-46454)
• Fixed a path traversal vulnerability in the OpenVPN client file upload, which could lead to arbitrary file writes. (CVE-2023-46455, CVE-2023-46456)
• Fixed a vulnerability that allowed an attacker who stole the AdminToken cookie to upload a crontab-formatted file to a specific directory and wait for it to execute, thereby executing arbitrary code. (CVE-2023-50922)
• Fixed an injection vulnerability in the gl_system_log and gl_crash_log interface in the logread module, which allows arbitrary shell commands to be executed via JSON parameters. (CVE-2023-50445)
• Fixed an injection vulnerability in the upgrade_online interface of the upgrade module, which allowed arbitrary shell commands to be executed through JSON parameters. (CVE-2023-50445)

Cautions

• Your settings can NOT be kept when upgrading to this version from 3.x. Please backup your settings first.
• This version firmware does NOT include the following features:
  • File Sharing
  • Captive Portal
  • Automatic Upgrade
  • RS485
  • GPS
  • Mesh
• This admin panel does NOT include the following languages:
  • French
  • Korean
  • Russian
• Limited by CPU performance and storage space, this version firmware also does NOT include Network Storage fature. (Allow users to install via plug-in after exroot)

OpenWrt Upgrade

• Built based on OpenWrt 22.03.4 (AR300,AR750,AR750S,X300B,X750,XE300,MT300N-V2,MT1300,E750).
• Built based on OpenWrt 21.02.2 (B1300).
• Built based on OpenWrt 18.06 (SFT1200).

New Features

• Added Scheduled Tasks feature.
• Added Overview page to display system loading and set LED.
• Added Multi-WAN feature, allowing users to switch between failover and load balancing modes.
• Added Drop-in Gateway feature.

Optimization

• Refactored and optimized System Architecture.
• Redesigned interface UI.
• Optimized sidebar structure.
• Refactored and optimized repeater feature.
• Refactored and optimized VPN features.
• Refactored and optimized clients feature.
• Optimized Cellular Settings feature.
• Optimized DNS faeture.
• Optimized MAC Clone feature, which has been renamed to MAC address.
• Optimized IPv6 feature with the addition of Native mode.
• Optimized Guest Wi-Fiwith the addition of SSID Visibility option.
• Optimized DDNS Test.
• Optimized connections with GoodCloud.

BUG fix

• Fixed the TTL settings not taking effect when fw4 is used.

New features

1. Support upgrade to sdk4.x.
   

Important bugfix

1. Fixed SF1200/SFT1200 VPN data leaks.
   
2. Fixed MT300N-V2 switch does not reset after the network is restarted.
   
3. Fixed X750 wireless initialization exception.
   
4. Fixed B2200 WiFi mac error.
   
5. Fixed B2200 MESH clients display error.
   
6. Fixed B2200 MESH link instability.
   
7. Fixed B2200 MESH status LED display error.
   
8. Fixed B2200 MESH network failure after the upgrade.
   
9. Fixed B2200 MESH sub-router web error message.
   
10. Fixed AX1800 USB output is powered off because the manual modem reset.
    
11. Fixed Wireguard client reconnect failure in some scenarios.
    
12. Fixed Error occurs when the wireguare client name contains spaces.
    

System

1. Based on openwrt 19.07.8 (AR150,MIFI,AR300M,USB150,N300,AR750,AR750S,X750,E750,XE300,MT1300,MT300N-V2,MV1000)
   
2. Based on QSDK11 (B1300,S1300,AP1300,B2200,AX1800)
   
3. Based on Siflower SDK (SF1200,SFT1200)
   

Security

1. Fixed shell injection vulnerabilities.
   

V3.218

Overview

This firmware release provides fixes to various bugs and security vulnerabilities.

Supported Models

Velica (GL-B2200), Brume (GL-MV1000), Brume-W (GL-MV1000W), Microuter (GL-USB150), microuter-N300, GL-SF1200.

Bug fixes

• Fixed an issue that the client device of the router could not get an IP address if the router as a VPN client disconnects and reconnects with an OpenVPN server in S2S-TAP mode.

System

1. Based on openwrt 19.07.8 (AR150,MIFI,AR300M,USB150,N300,AR750,AR750S,X750,E750,XE300,MT1300,MT300N-V2,MV1000)
   
2. Based on QSDK11 (B1300,S1300,AP1300,B2200,AX1800)
   
3. Based on Siflower SDK (SF1200,SFT1200)
   

Security

1. Fixed shell injection vulnerabilities.
   

New features

1. Support upgrade to sdk4.x.
   

Important bugfix

1. Fixed SF1200/SFT1200 VPN data leaks.
   
2. Fixed MT300N-V2 switch does not reset after the network is restarted.
   
3. Fixed X750 wireless initialization exception.
   
4. Fixed B2200 WiFi mac error.
   
5. Fixed B2200 MESH clients display error.
   
6. Fixed B2200 MESH link instability.
   
7. Fixed B2200 MESH status LED display error.
   
8. Fixed B2200 MESH network failure after the upgrade.
   
9. Fixed B2200 MESH sub-router web error message.
   
10. Fixed AX1800 USB output is powered off because the manual modem reset.
    
11. Fixed Wireguard client reconnect failure in some scenarios.
    
12. Fixed Error occurs when the wireguare client name contains spaces.
    

V4.5.22

Overview

This version fixed some security vulnerabilities.

V4.5.19

Overview

This version fixes some security vulnerabilities.

Supported Models

GL-X300B Collie, GL-A1300 Slate Plus, GL-B3000 Marble.

V4.5.18

Overview

This firmware version mainly fixes bugs.

Supported Models

GL-B3000

Improvements

Bug Fixes

• Fixed an issue where the device cloned the MAC of the PC on the LAN side and then switched the WAN port to LAN, and the MAC addresses conflicted.
• Fixed the issue that the device crashes when the manual MAC clone input is all 0 during relay networking.
• Fixed the issue that after 5G WiFi DFS channel detects radar signal evasion, setting DFS channel in the same band will cause wireless not to start.
• Fixed the issue that the parental control ruleset does not take effect.
• Fixed the issue that MAC address cloning of WAN2 port did not work in some cases.
• Fixed an issue where the relay interface MAC address was not synchronized when the MAC address was occasionally switched from the cloned client MAC back to the factory setting.
• Fixed the issue that if you modify 2.4G WiFi with 40 bandwidth to relay 20 bandwidth WiFi, and then switch to relay 5G WiFi without disconnecting the relay, 2.4G WiFi bandwidth is still 20.
• Fixed the problem of incorrect channel change after restarting with specific bandwidth setting.
• Fixed the problem of duplicate configuration prompt after VLAN ID deletion.
• Fixed the issue that modifying 5G WiFi encryption and changing wireless mode may cause the MAC to change to 0 and WiFi cannot be searched.
• Fixed the issue that after relaying a WiFi with Chinese characters in the SSID, the display is not normal when using the iw dev command.
• Fixed the issue that the 5G 144 channel does not have DFS channel identification when the WiFi country code is JP.
• Fixed the issue that the old VLAN ID value of WAN2 is not cleared when the device is in Dual WAN mode and the network is restored by pressing the reset button 4S on the device.
• Fixed the issue that the relay scanning timeout occurs when the AP is in DFS state.
• Fixed the issue that some WiFi with special characters cannot be relayed.
• Fixed the issue that the device can not get IPV6 address when switching to AP mode and then switching back to routing mode after IPV6 is enabled.
• Fixed the issue that the IPV6 address is not reachable when the device is switched to dual WAN mode and the cable of WAN2 port is switched to WAN1 port.
• Fixed the issue that the superior did not configure the VLAN ID, and after setting the VLAN ID value to 1, the device can get the IP address but cannot access the Internet.
• Fixed the issue that the device will fail to connect to 2.4G WiFi when relaying data in the known list for the first time, and will automatically switch to other WiFi in the known list.
• Fix the issue that the page prompts abnormality when the device opens dual WAN mode and unplugs the WAN1 port cable when configuring the WAN2 port.
• Fixed the issue that setting the wireless timer switch and switching the transmit power in the timer task does not take effect after the port number of HTTP is modified.
• Fixed the issue that the relay scanning page prompts that the EAP network is not supported to be relayed, but it can be scanned and relayed successfully in the test result.

V4.5.15

Overview

This firmware version mainly fixes bugs.

Supported Models

GL-B3000

Improvements

Bug Fixes

• Fixed the issue that SSID or Wi-Fi password with special characters would cause the Wi-Fi to fail to start up.
• Fixed the issue that encrypted DNS may be leaked under special scenarios.
• Fixed the issue where 5G Wi-Fi would probabilistically have a wrong MAC address under certain operations, causing the Wi-Fi to not be searched.
• Fixed the issue that after enabling Tailscale remote access, the device rebooted and the accompanying test device could not access the tested subordinate PC and the superior WAN-side PC.
• Fixed the issue where Tailscale had memory leaks under certain circumstances.
• Fixed the issue that when the device client is set to whitelist and switched to AP or WDS mode, the device cannot get the IP address assigned by the superior.
• Fixed the issue that the configuration may be lost after the device is powered off when switching black and white lists multiple times in quick succession.

V4.5.12

Overview

This version is mainly to optimize and fix bugs.

Supported Models

GL-B3000

Improvements

• Optimize WireGuard upload rate.
• Update tailscale version to 1.66.4.

Bug Fixes

• Bandwidth is not synchronized after successful relay.
• When relaying a wifi with Chinese name, the page displaying the relayed wifi name is abnormal.
• After successful relaying, the MAC address is not correct when checking the connection rate in the background.
• Fix the problem of interface setting failure when switching to high frequency channel.
• Occasionally 2.4G guest WiFi is not available.
• WiFi name is 32 characters and ends with English special character, background ESSID shows unknown.
• After turning on all WiFi and relaying 5G WiFi, turn off 5G WiFi of the device, the relay keeps disconnecting, and the front-end does not show relay status.
• When there is no network on the parent, kmwan detects IPv6 abnormally.
• Fix the problem that executing firstboot -y reboot does not reboot automatically after turning on tailscale.
• PPPOE dialing with VLANID when LAN1 is switched to WAN, then switch to WDS mode, and then switch back to routing mode, the VLANID of PPPOE needs to be re-entered to dial successfully.
• The secondwan function on the page adds a prompt corresponding to the WAN and LAN1 physical network ports.

V4.5.11

Overview

This is the initial firmware release for the b3000.

This release is available for the following models:
GL-B3000

V4.7.15

Overview

This version includes adjustments to enhance device security.

New Features

• Added a global SSH toggle.

Optimization

• Added a user privacy policy statement to the initialization wizard page.
• Added a security warning when WiFi security is set to OPEN.
• Optimized the network abnormal traffic protection mechanism, adding flood protection for ICMP and other protocols.
• LuCI functionality is no longer pre-installed; users can install LuCI with one click on the advanced settings page.
• Optimized Nginx log management, adding login and configuration change logs. Logs are automatically synchronized to Flash upon reboot.

V4.8.4

Overview

This is initial firmware.

V4.8.3

Overview

This version mainly fixed some known bugs.

Optimization

• Replaced NTPD with Chrony, which supports the NTS protocol.
• Optimized the Repeater's detection logic for Captive Portal to be compatible with and identify more authentication pages in different formats.
• Optimized the switching logic of the Repeater: when the internet is already connected, the repeater will not scan for available networks to ensure wireless communication quality.
• Optimized the AstroWarp feature design, allowing users to connect to the router using an access code without binding account or complex configurations. Users can also manage connections and top up plans directly on the router interface.

Bug Fixes

• Fixed security vulnerability CVE-2025-44018.
• Merge the patch related to CVE-2025-62526.
• Fixed the issue of iPhone 16 series failed to connect to MLO network.
• Fixed the issue where the WireGuard server cannot access the LAN IP of the WireGuard client without enabling SNAT.
• Fixed the issue where some iOS browsers displayed VPN Dashboard abnormally
• Fixed the issue where changing the failover priority would cause abnormal IPv6 internet access when both Multi-WAN and IPv6 are enabled.
• Fixed the issue where the IPv6 DNS was mistakenly pointed to Cloudflare (2606:4700:4700:1001) instead of the server's tunnel IP when the client connected to the OpenVPN server.
• Fixed the issue where DNS requests from clients that do not comply with VPN rules still reach AdGuard Home when All Other Traffic is disabled.
• Removed duplicate OpenDNS service provider in the options of Manual DNS settings.
• Fixed the issue where the WebDAV certificate address was replaced with the guest network address after modifying the latter, resulting in abnormal connections for LAN side devices.
• Fixed the issue where the port check function could not distinguish protocols in VPN server mode.
• Fixed the issue of no failure reminder when WireGuard port conflicts occurred.
• Fixed the issue where the exclusion list rule set did not take effect when two VPN tunnels were enabled.

V4.8.1

Overview

This version introduces several new features and enhancements that improve the interface interaction for the overall user experience.

New Features

• Added VPN multi-instance, allowing support for enabling multiple VPN clients at the same time.
• Added VPN composite policy, allowing traffic diversion based on multiple criteria, including source interface, source MAC address, and destination domain/IP.
• Added an option to enable or disable VPN internet access on the Clients page, which is effective only when the VPN policy is based on MAC.
• Added the isolation feature between the Guest Network and the Upstream network.
• Added support for HTTPS in RTTY.
• Added a one-click option to send logs to technical support.
• Added support for IPv6 in VPN.

Optimization

• Refactored the Cellular function for improved performance and user interface, supporting more parameter configurations and status displays.
• Redesigned the UI style, improved the Web Admin Panel topology, and introduced new controls to support the presentation of complex services.
• Optimized toggle switch functionality to support Repeater, and Wi-Fi.
• Optimized the guidance of VPN functionality to simplify usage.
• Optimized VPN configuration to support IPv6.
• Optimized the export of client configuration files for the VPN Server, allowing users to manually enter the server address in the configuration file.
• Optimized the Clients page, supporting quick setting of reserved IP addresses.
• Optimized the Log display to support filtering by Log level, module, and keywords, as well as exporting more debugging information.
• Optimized the GoodCloud platform's device binding functionality.
• Optimized the display of VPN Server page status information.
• Optimized the Repeater auto-switching logic.
• Improved the ease of use of the AstroWarp functionality.
• Upgraded OpenVPN to version 2.6.12.
• Upgraded Dnscrypt-proxy to version 2.1.5.
• Upgraded Stubby to version 0.4.3.
• Upgraded Zerotier to version 1.14.1.

V4.7.3

Overview

This version primarily addresses some software bugs.

Bug Fixes

• Fixed the problem that the LCD Display Schedule could not be used due to the upgrade of reserved configuration.

V4.7.2

Overview

This version adds the new features of display managment and fixes some software bugs.

New Features

• Upgraded the system from 32-bit to 64-bit.
• Added software acceleration feature to optimize tethering speed.
• Added a display management feature to set the screen content and lock screen password.

Optimization

• Improved the the speed of OpenVPN and WireGuard.
• Enhanced the user experience by adding prompts related to USB device interactions.
• Improved the screen usage experience.

Bug Fixes

• Fixed the memory leak issue that occurred under specific conditions.
• Fixed an issue where enabling both AdGuard Home and the block non-VPN traffic option caused online upgrade detection to fail.
• Fixed a VPN leak issue that occurred when both the WireGuard client and IPv6 were enabled.
• Fixed a DNS leak issue that occurred under certain conditions when both VPN and AdGuard Home were enabled.
• Fixed an issue in VPN policy mode where using destination domain or IP-based rules allowed guest network clients to access the main network clients.
• Fixed an issue in TAP-S2S mode where downstream clients could not obtain an IP address after a successful OpenVPN connection.
• Fixed an issue where the WAN interface could not obtain an IPv6 address after the WAN and LAN ports were swapped.
• Fixed an issue where offline clients were displayed as local clients when they shared the same IP address.
• Fixed an issue where the default sorting for clients was not applied.
• Fixed an issue where modifying the Wi-Fi configuration on the cloud platform would automatically alter the Wi-Fi SSID visibility.
• Fixed an issue where the firmware compilation time was incorrectly displayed on the cloud platform.
• Fixed an issue where AP isolation failed to work after network acceleration was disabled in certain scenarios.
• Fixed an issue where obtaining an IP address was too slow during a repeater connection.
• Fixed an issue where retaining the configuration after disconnecting the repeater caused Wi-Fi configuration errors during an upgrade.
• Fixed an issue where the network status on the page was incorrectly displayed before portal authentication was completed.
• Fixed an issue where an abnormal power-off could cause the device to fail to start in rare cases.
• Fixed an issue where PPPoE dial-up failed under certain conditions.

V4.7.1

Overview

This version mainly adds some new features, fixes some problems and optimises the interface interaction to improve the user experience.

Synchronize Updated Model

Slate 7(GL-BE3600)

New Features

• Added the function of switching service providers on the screen.
• Added the function of displaying IP addresses in AP/WDS/Extender mode on the screen.
• Added the option to skip the operation wizard on the screen.

Bug Fixes

• Fixed the abnormal networking problem of Tethering on some mobile phones.
• Fixed the problem of displaying incorrect time zones on some time zones.
• Fixed the problem that changing the WAN port MAC address would cause the network to restart.

V4.9.0

Cautions

• Due to a comprehensive redesign of the Parental Control feature in V4.9.0, existing configurations for this feature will not be preserved during the upgrade. You will need to reconfigure your settings after the update. Please back up your settings first.
• With the introduction of multi-select configuration and intra-tunnel failover for VPN tunnels in V4.9.0, the inter-tunnel failover feature has been removed. When upgrading with configuration retention, the Kill Switch will be enabled by default in all tunnels. Please back up your settings first.

Overview

This version introduces several new features and enhancements that improve the interface interaction for the overall user experience.

New Features

• Added support for DPI (Deep Packet Inspection), providing data statistics, content filtering, and intelligent QoS (Quality of Service).
• Added SQM (Smart Queue Management) to intelligently optimize network queues, reduce latency and jitter.
• Added multi-node selection for VPN tunnels, with automatic failover in case of node failure.
• Added support for PureVPN and Windscribe services under the WireGuard protocol.
• Added an option to enable or disable specific profile configurations in WireGuard Server.
• Added support for creating dedicated networks for IoT devices.
• Added Cellular Profile management and online APN database updates.
• Added ACL (Access Control List) functionality to control network traffic based on rules such as protocol, source IP address, destination IP address, and port number.
• Added support for running the router as a Tailscale exit node and an IP masquerade option.
• Added an option to disable automatic detection and cancel in-progress firmware download.
• Added an automatic cleanup function for offline clients on the Client page.
• Added support for the AmneziaWG 2.0 obfuscation protocol.
• Address Reservation now supports setting a custom Hostname.

Optimization

• Redesigned the VPN functionality, optimizing core interaction flows and visual design for a more intuitive interface and smoother operation.
• Redesigned the Wireless interface by simplifying the layout and unifying the visual hierarchy, making it cleaner and more intuitive.
• Optimized the Cellular interface by integrating cellular features, improving the user experience.
• Optimized encrypted DNS functionality, supporting DoH, DoT, and DoQ encryption methods, along with more DNS provider options, and added the ability to manually configure encrypted DNS servers.
• Improved the Parental Control feature by streamlining the setup process, supporting basic device management, internet time control, and content filtering.
• Upgraded Tailscale to version 1.92.5.
• Upgraded AdGuard Home to version 0.107.73.
• VPN Client now supports batch selection and deletion of configurations.
• Improved the Port Forwarding feature to automatically perform one-to-one mapping for external and internal port ranges.
• When IPv6 is enabled, IPv6 connection status tracking in Multi-WAN is activated automatically.

Bug Fixes

• 2026-05-16: Update the dnsmasq component to version 2.92, incorporating upstream CVE fixes.

V4.8.8

Overview

This version fixes some bugs.

V4.8.7

Overview

This version fixes some bugs.

V4.8.6

Overview

This version fixes some bugs.

V4.8.5

Overview

This version fixes bugs related to repeater and IPv6.

Bug Fixes

• Fixed the issue of network instability after the repeater was disconnected.
• Fixed some bugs about IPv6

V4.8.4

Supported Models

GL-BE6500

V4.8.8

Overview

This version mainly fixed some known bugs.

V4.9.0

Cautions

• Due to a comprehensive redesign of the Parental Control feature in V4.9.0, existing configurations for this feature will not be preserved during the upgrade. You will need to reconfigure your settings after the update. Please back up your settings first.
• With the introduction of multi-select configuration and intra-tunnel failover for VPN tunnels in V4.9.0, the inter-tunnel failover feature has been removed. When upgrading with configuration retention, the Kill Switch will be enabled by default in all tunnels. Please back up your settings first.

Overview

This version introduces several new features and enhancements that improve the interface interaction for the overall user experience.

New Features

• Added support for DPI (Deep Packet Inspection), providing data statistics, content filtering, and intelligent QoS (Quality of Service).
• Added SQM (Smart Queue Management) to intelligently optimize network queues, reduce latency and jitter.
• Added multi-node selection for VPN tunnels, with automatic failover in case of node failure.
• Added support for PureVPN and Windscribe services under the WireGuard protocol.
• Added an option to enable or disable specific profile configurations in WireGuard Server.
• Added support for creating dedicated networks for IoT devices.
• Added Cellular Profile management and online APN database updates.
• Added ACL (Access Control List) functionality to control network traffic based on rules such as protocol, source IP address, destination IP address, and port number.
• Added support for running the router as a Tailscale exit node and an IP masquerade option.
• Added an option to disable automatic detection and cancel in-progress firmware download.
• Added an automatic cleanup function for offline clients on the Client page.
• Added support for the AmneziaWG 2.0 obfuscation protocol.
• Address Reservation now supports setting a custom Hostname.

Optimization

• Redesigned the VPN functionality, optimizing core interaction flows and visual design for a more intuitive interface and smoother operation.
• Redesigned the Wireless interface by simplifying the layout and unifying the visual hierarchy, making it cleaner and more intuitive.
• Optimized the Cellular interface by integrating cellular features, improving the user experience.
• Optimized encrypted DNS functionality, supporting DoH, DoT, and DoQ encryption methods, along with more DNS provider options, and added the ability to manually configure encrypted DNS servers.
• Improved the Parental Control feature by streamlining the setup process, supporting basic device management, internet time control, and content filtering.
• Upgraded Tailscale to version 1.92.5.
• Upgraded AdGuard Home to version 0.107.73.
• VPN Client now supports batch selection and deletion of configurations.
• Improved the Port Forwarding feature to automatically perform one-to-one mapping for external and internal port ranges.
• When IPv6 is enabled, IPv6 connection status tracking in Multi-WAN is activated automatically.
• Update the dnsmasq component to version 2.92, incorporating upstream CVE fixes.

V4.8.4

Overview

This version improves the interface interaction and fixes some known bugs.

Optimization

• Optimized the AstroWarp feature design, allowing users to connect to the router using an access code without binding account or complex configurations. Users can also manage connections and top up plans directly on the router interface.

V4.8.3

Overview

This version mainly fixed some known bugs.

Optimization

• Replaced NTPD with Chrony, which supports the NTS protocol.
• Optimized the Repeater's detection logic of Captive Portal to be compatible with identifying more authentication pages in different formats.
• Optimized the switching logic of the Repeater; when the internet is already connected, the repeater will not scan for available networks to ensure wireless communication quality.

Bug Fixes

• Fixed security vulnerability CVE-2025-44018.
• Merge the patch related to CVE-2025-62526.
• Fixed iPhone 16 series connection to MLO network failed.
• Fixed the issue where WireGuard server cannot communicate with the LAN side of the router (WireGuard client) without enabling SNAT.
• Fixed the issue of abnormal VPN Dashboard display in some IOS browsers.
• Fixed the issue of using IPv6 to access the internet after changing the failover priority when using Multi WAN with IPv6 enabled.
• Fixed an issue in OpenVPN Server mode where the client's IPv6 DNS was incorrectly pointed to Cloudflare (2606:4700:4700:1001) instead of the server's tunnel IP after connection.
• Fixed the issue where DNS requests still reach AdGuard Home for clients not within VPN rules when All Other Traffic is disabled.
• Fixed duplicate OpenDNS service provider in the options of Manual DNS settings.
• Fixed the issue of LAN side device connection caused by the address of the WebMAV certificate being changed to the address of the guest network after modifying the guest network address.
• Fixed the issue where the port check function could not distinguish protocols in VPN server mode.
• Fixed the issue of no failure reminder when WireGuard port conflicts occurred.
• Fixed the issue where two VPN tunnels were opened and exclusion list rules were set, but the rules did not take effect.

V4.8.1

Overview

This version introduces several new features and enhancements that improve the interface interaction for the overall user experience.

New Features

• Added VPN multi-instance, allowing support for enabling multiple VPN clients at the same time.
• Added VPN composite policy, allowing traffic diversion based on multiple criteria, including source interface, source MAC address, and destination domain/IP.
• Added an option to enable or disable VPN internet access on the Clients page, which is effective only when the VPN policy is based on MAC.
• Added the isolation feature between the Guest Network and the Upstream network.
• Added support for HTTPS in RTTY.
• Added a one-click option to send logs to technical support.
• Added support for IPv6 in VPN.

Optimization

• Refactored the Cellular function for improved performance and user interface, supporting more parameter configurations and status displays.
• Redesigned the UI style, improved the Web Admin Panel topology, and introduced new controls to support the presentation of complex services.
• Optimized the guidance of VPN functionality to simplify usage.
• Optimized VPN configuration to support IPv6.
• Optimized the export of client configuration files for the VPN Server, allowing users to manually enter the server address in the configuration file.
• Optimized the Clients page, supporting quick setting of reserved IP addresses.
• Optimized the Log display to support filtering by Log level, module, and keywords, as well as exporting more debugging information.
• Optimized the GoodCloud platform's device binding functionality.
• Optimized the display of VPN Server page status information.
• Optimized the Repeater auto-switching logic.
• Improved the ease of use of the AstroWarp functionality.
• Upgraded OpenVPN to version 2.6.12.
• Upgraded Dnscrypt-proxy to version 2.1.5.
• Upgraded Stubby to version 0.4.3.
• Upgraded Zerotier to version 1.14.1.

V4.7.14

Overview

This version primarily addresses certain MLO-related issues and improves the stability of MLO Wi-Fi.

Improvement

• Fixed issues related to MLO and 6 GHz configuration.
• Resolved an issue where DLNA functionality would fail after rebooting with a USB drive inserted.
• Fixed a problem in the network setup wizard where logging into NordVPN would incorrectly display the connection status and prevent the VPN from being disabled.

V4.7.11

Overview

This version fixes bugs related to HTTPS implementations.

Bug Fixes

• Fixed an issue where the cloud platform malfunctioned after enforcing HTTPS.

V4.8.5

Overview

This version fixes some issues to improve the user experience.

Bug Fixes

• Fixed an issue where dial-up failed due to slow network registrations on certain ISP networks.

V4.8.4

Overview

This version fixes some issues and includes optimizations to improve the user experience.

Optimization

• Optimized the automatic reconnection mechanism for repeater in AC+AP or mesh scenarios to speed up reconnection.
• Adjusted the battery temperature detection to improve battery level display.
• Optimized the display of locked carrier names.
• Optimized the country code information in the database.
• Optimized the data usage statistics feature.

Bug Fixes

• Fixed an issue where disabling the repeater occasionally failed when continuously disabling it on the touchscreen.
• Fixed an issue where the OTA upgrade popup was missing on the touchscreen home page in AP mode and Extender mode.
• Fixed an issue where SMS functionality became unavailable after repeatedly switching network types and SIM cards.
• Fixed an issue where manually configured APN was not correctly displayed on the SIM card details page when using a MobileX SIM card.
• Fixed an issue where the Mudi 7 could not scan nearby Wi-Fi networks when the surrounding Wi-Fi had a special OUI type (0050f2).
• Fixed the issue of unstable cellular network caused by incomplete support for segment characteristics of partial base stations in Europe.

V4.8.3

Overview

This version mainly fixes abnormal internet dialing issues for specific carriers.

Bug Fixes

• Fixed an issue where abnormal dialing with Verizon carrier.

V4.8.2

Overview

This version fixes some issues to improve the user experience.

Optimization

• Optimized high-temperature battery charging to speed up charging in certain temperature ranges.
• Optimized repeater status display on touchscreen.

Bug Fixes

• Fixed an issue where locking the NR base station on SIM2 would fail when two SIM cards from different carriers were inserted.
• Fixed an issue where unlocking would fail on eSIM after switching from SIM2 with a successful NR base station locking.
• Fixed an issue where some PD adapters could not charge.
• Fixed an issue where the top status bar on the touchscreen would not display properly after a failed online upgrade via the touchscreen.
• Fixed an issue where downstream devices of Mudi 7 failed to obtain an IP address when Mudi 7 was connecting to certain MTK chips Wi-Fi networks in Extender mode.

V4.8.1

Overview

This version introduces a new feature and fixes some issues to improve the user experience.

New Features

• Added online update support for the touchscreen.

Optimization

• Optimize battery level recognition and charging after hot-swapping the battery at low battery level.

Bug Fixes

• Fixed an issue where verification was still required after successful portal authentication.
• Fixed an issue where OpenVPN failed to connect after a power cycle when connected in TAP‑S2S mode.
• Fixed an issue where SMS messages in Greek and Italian were displayed as garbled characters.

V4.3.26

Overview

This version fixes some security vulnerabilities.

Synchronize Updated Models

Opal (GL-SFT1200), Beryl (GL-MT1300), Slate (GL-AR750S), Creta (GL-AR750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Mudi (GL-E750), Spitz (GL-X750), Puli (GL-XE300), Convexa-B (GL-B1300).

V4.3.19

Overview

This release mainly adds new features and fixes bugs.

Supported models

GL-E750/GL-E750v2.

New features

• Added VSIM functionality(For new device).
• Introduce automatic dialing function for Webbing card.
• Implemented ESIM support.
• Added compatibility for the EM12G Modem module.

BUG fix

• Resolved an issue where MoResolved an issue where Modem QMI protocol dialing and PAP/CHAP authentication could fail.
• Fixed the issue where Modem IPV6 dialing probabilistically failed to obtain an IPV6 address.
• Addressed several known security vulnerabilities.

V4.3.18

Overview

This version fixes some security vulnerabilities.

Supported models

Slate (GL-AR750S), Creta (GL-AR750), Mudi (GL-E750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Puli (GL-XE300), Convexa-B (GL-B1300), Cirrus (GL-AP1300).

V4.3.17

Overview

This version fixes some security vulnerabilities and other bugs.

Supported models

Opal (GL-SFT1200), Beryl (GL-MT1300), Slate (GL-AR750S), Creta (GL-AR750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Mudi (GL-E750), Spitz (GL-X750), Puli (GL-XE300), Convexa-B (GL-B1300).

Bug fixes

• Fixed the issue that the Web may show an error message when modifying the Maximum Number of Users or DHCP Gateway in the LAN page.
• Fixed the issue that some disconnected Wi-Fi clients still show online in the client list.
• Fixed the issue that the color of the online upgrade dialog is abnormal under the dark theme.
• Fixed the issue that GL-SFT1200 can not be upgraded online.
• Fixed the issue that the client device cannot access the Internet IPv6 address in Static IPv6 mode of GL-SFT1200.
• Fixed some interface text errors.

V4.3.12

Overview

This version mainly includes bug fixes, and security vulnerability resolutions, as shown below.

Bug fixes

• Fixed E750V2 problem with abnormal display caused by modem name being too long.
• Fixed the error in determining whether the ep06 SMS function is available.
• Fixed some known vulnerabilities.
• Fixed channel exception when 5g wifi country is DE.

BUG fix

• Fix crash when downloading large files on 3G dial-up.
• Fix the black screen issue when v1 custom text page restarts.
• Fix the problem of abnormal display of operator name.
• Optimize cloud process memory usage.
• Fix the problem that openvpn cannot connect when multiple Wan cables are not connected to the network.
• Fix the abnormal problem of accessing https site through s2s tunnel.
• Fix the problem that lower-level devices in ipv6 passthrough mode cannot obtain ipv6 addresses.

Vulnerability fixes

• Fixed a vulnerability that allowed arbitrary upload files to be created or modified through the API. (CVE-2023-47464)
• Fixed an unauthorized remote code inclusion vulnerability in the webDAV file server. (CVE-2023-47463)
• Fixed an issue of bypassing Nginx authentication through a Lua string pattern matching vulnerability. (CVE-2023-50919)
• Fixed an issue where users bypassed authentication or access control measures by assigning the same session ID each time they restarted. (CVE-2023-50920)
• Fixed an issue where calling the add_user interface in the system module could allow root access. (CVE-2023-50921)
• Fixed a vulnerability that allowed arbitrary shell commands to be executed through carefully crafted package names. (CVE-2023-46454)
• Fixed a path traversal vulnerability in the OpenVPN client file upload, which could lead to arbitrary file writes. (CVE-2023-46455, CVE-2023-46456)
• Fixed a vulnerability that allowed an attacker who stole the AdminToken cookie to upload a crontab-formatted file to a specific directory and wait for it to execute, thereby executing arbitrary code. (CVE-2023-50922)
• Fixed an injection vulnerability in the gl_system_log and gl_crash_log interface in the logread module, which allows arbitrary shell commands to be executed via JSON parameters. (CVE-2023-50445)
• Fixed an injection vulnerability in the upgrade_online interface of the upgrade module, which allowed arbitrary shell commands to be executed through JSON parameters. (CVE-2023-50445)

Cautions

• Your settings can NOT be kept when upgrading to this version from 3.x. Please backup your settings first.
• This version firmware does NOT include the following features:
  • File Sharing
  • Captive Portal
  • RS485
  • GPS
  • Mesh
• This admin panel does NOT include the following languages:
  • French
  • Korean
  • Russian
• Limited by CPU performance and storage space, this version firmware also does NOT include Network Storage fature. (Allow users to install via plug-in after exroot)

OpenWrt Upgrade

• Built based on OpenWrt 22.03.4 (E750).

New Features

• Added Scheduled Tasks feature.
• Added Overview page to display system loading and Battery condition.
• Added Multi-WAN feature, allowing users to switch between failover and load balancing modes.

Optimization

• Refactored and optimized System Architecture.
• Redesigned interface UI.
• Optimized sidebar structure.
• Refactored and optimized repeater feature.
• Refactored and optimized VPN features.
• Refactored and optimized clients feature.
• Optimized Cellular Settings feature.
• Optimized DNS feature.
• Optimized MAC Clone feature, which has been renamed to MAC address.
• Optimized IPv6 feature with the addition of Native mode.
• Optimized Guest Wi-Fi with the addition of SSID Visibility option.
• Optimized DDNS Test.
• Optimized connections with GoodCloud.
• Optimized the memory consumption during the tor connection process, causing the device to freeze.

V4.8.5

Overview

This version mainly fixed some known bugs. This is a beta firmware, which has only undergone basic testing. Please use with caution and contact support@gl-inet.com if you encounter any problems.

Bug Fixes

• Fixed modem dial-up issues.
• Fixed abnormal log printing issues related to the modem.
• Fixed the issue where OLED did not display VPN connection status.
• Fixed the issue where Cell Info was not fully displayed when EM060K module used multi-band carrier aggregation for networking.
• Fixed SMS display issues.
• 2026-05-21: Update the dnsmasq component to version 2.92, incorporating upstream CVE fixes.

V4.8.4

Overview

This version mainly fixed some known bugs.

Bug Fixes

• Fixed modem dial-up issues.
• Fixed abnormal log printing issues related to the modem.
• Fixed the issue there OLED did not display VPN connection status.
• Fixed the issue where Cell Info was not fully displayed when EM060K module used multi-band carrier aggregation for networking.
• Fixed SMS display issues.

V4.8.3

Cautions

The OpenWRT version has been upgraded. Please do NOT keep settings when downgrading to an earlier version. Please backup your settings first.

Overview

This version introduces several new features and enhancements that improve the interface interaction for the overall user experience.

New Features

• Added VPN multi-instance to support enabling multiple VPN clients simultaneously.
• Added VPN composite policy for traffic diversion based on multiple criteria, including source interface, source MAC address, and destination domain/IP.
• Added an option to enable or disable VPN internet access on the Clients page, which is effective only for MAC-based VPN policies.
• Added the isolation feature between the Guest Network and the Upstream network.
• Added HTTPS support for RTTY.
• Added a one-click option to send logs to technical support.
• Added IPv6 support for VPN.

Optimization

• Refactored the Cellular function for improved performance and user interface, supporting more parameter configurations and status displays.
• Redesigned the UI style, improved the Web Admin Panel topology, and introduced new controls to support the presentation of complex services.
• Optimized toggle switch functionality to support Repeater, Wi-Fi and LED light control.
• Optimized the guidance of VPN functionality to simplify usage.
• Optimized VPN configuration to support IPv6.
• Optimized the export of client configuration files for the VPN Server, allowing users to manually enter the server address in the configuration file.
• Optimized the Clients page, supporting quick setting of reserved IP addresses.
• Optimized the Log display to support filtering by Log level, module, and keywords, as well as exporting more debugging information.
• Optimized the device binding functionality of the GoodCloud platform.
• Optimized the display of VPN Server page status information.
• Optimized the Repeater auto-switching logic.
• Improved the ease of use of the AstroWarp functionality.
• Upgraded OpenVPN to version 2.6.12.
• Upgraded Dnscrypt-proxy to version 2.1.5.
• Upgraded Stubby to version 0.4.3.
• Upgraded Zerotier to version 1.14.1.

Bug Fixes

• Fixed security vulnerability CVE-2025-44018
• Fixed when configuring the VPN domain name policy, the domain names in the list cannot be resolved properly
• Fixed OLED cannot accurately display the VPN status

System

1. Based on openwrt 19.07.8 (MIFI,X750,E750,XE300,XE300)
   
2. Based on QSDK11 (AP1300)
   

Important bugfix

1. Fix account error for SMTP settings.
   

System

1. Based on openwrt 19.07.8 (AR150,MIFI,AR300M,USB150,N300,AR750,AR750S,X750,E750,XE300,MT1300,MT300N-V2,MV1000)
   
2. Based on QSDK11 (B1300,S1300,AP1300,B2200,AX1800)
   
3. Based on Siflower SDK (SF1200,SFT1200)
   

Security

1. Fixed shell injection vulnerabilities.
   

New features

1. Support upgrade to sdk4.x.
   

Important bugfix

1. Fixed SF1200/SFT1200 VPN data leaks.
   
2. Fixed MT300N-V2 switch does not reset after the network is restarted.
   
3. Fixed X750 wireless initialization exception.
   
4. Fixed B2200 WiFi mac error.
   
5. Fixed B2200 MESH clients display error.
   
6. Fixed B2200 MESH link instability.
   
7. Fixed B2200 MESH status LED display error.
   
8. Fixed B2200 MESH network failure after the upgrade.
   
9. Fixed B2200 MESH sub-router web error message.
   
10. Fixed AX1800 USB output is powered off because the manual modem reset.
    
11. Fixed Wireguard client reconnect failure in some scenarios.
    
12. Fixed Error occurs when the wireguare client name contains spaces.
    

System

1. Based on openwrt 19.07.8 (MIFI,X750,E750,XE300,XE300)
   
2. Based on QSDK11 (AP1300)
   

Important bugfix

1. Fix account error for SMTP settings.
   

Security

1. Fixed shell injection vulnerabilities.
   

New features

1. Support upgrade to sdk4.x.
   

Important bugfix

1. Fixed SF1200/SFT1200 VPN data leaks.
   
2. Fixed MT300N-V2 switch does not reset after the network is restarted.
   
3. Fixed X750 wireless initialization exception.
   
4. Fixed B2200 WiFi mac error.
   
5. Fixed B2200 MESH clients display error.
   
6. Fixed B2200 MESH link instability.
   
7. Fixed B2200 MESH status LED display error.
   
8. Fixed B2200 MESH network failure after the upgrade.
   
9. Fixed B2200 MESH sub-router web error message.
   
10. Fixed AX1800 USB output is powered off because the manual modem reset.
    
11. Fixed Wireguard client reconnect failure in some scenarios.
    
12. Fixed Error occurs when the wireguare client name contains spaces.
    

System

1. Based on openwrt 19.07.8 (AR150,MIFI,AR300M,USB150,N300,AR750,AR750S,X750,E750,XE300,MT1300,MT300N-V2,MV1000)
   
2. Based on QSDK11 (B1300,S1300,AP1300,B2200,AX1800)
   
3. Based on Siflower SDK (SF1200,SFT1200)
   

V4.3.25

Overview

This version fixes some security vulnerabilities.

Synchronize Updated Models

Opal (GL-SFT1200), Beryl (GL-MT1300), Slate (GL-AR750S), Creta (GL-AR750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Mudi (GL-E750), Spitz (GL-X750), Puli (GL-XE300), Convexa-B (GL-B1300).

V4.3.19

Overview

This version fixes some security vulnerabilities.

Supported models

Beryl (GL-MT1300), Spitz (GL-X750), Opal (GL-SFT1200).

V4.3.18

Overview

This version introduces new SIM APN support, alongside various bug fixes and security enhancements.

Supported Models

Beryl(GL-MT1300), Spitz(GL-X750V2), Opal(GL-SFT1200).

New Features

• Added APN support for Webbing SIM cards (wbdata)(GL-X750V2).

Bug Fixes

• Fixed the issue where the device fails to connect to the network via QMI or QCM protocols when a telecom card is inserted and IPv6 is enabled.
• Fixed the issue of dnscrypt generating unnecessary logs on SFT1200 devices.
• Fixed the misidentification of LAN port speed on SFT1200 devices.
• Fixed the issue where the default luci page of SFT1200 only supports English configurations, excluding Chinese.
• Fixed the generation of unnecessary netclash logs during the startup process.
• Fixed dial-up failures on the modem during the dialing process when using QMI protocol, manually setting APN, and selecting PAP/CHAP authentication.
• Fixed the issue that under European (DE) country code, there will be a high band channel (149-161), and the channel display is wrong when 20MHz bandwidth is set.
• Fixed the problem of 2.4GHz channel display error after switching to Japan country code in luci page.
• Fixed the issue that when GL-MT1300 long press Reset for 4-7 seconds to switch routing mode, the br-lan interface is not working.
• Fixed the issue that the GL-X750V2 cannot ping IPV6 web site after switching IPV6 mode.

V4.3.17

Overview

This version fixes some security vulnerabilities and other bugs.

Supported models

Opal (GL-SFT1200), Beryl (GL-MT1300), Slate (GL-AR750S), Creta (GL-AR750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Mudi (GL-E750), Spitz (GL-X750), Puli (GL-XE300), Convexa-B (GL-B1300).

Bug fixes

• Fixed the issue that the Web may show an error message when modifying the Maximum Number of Users or DHCP Gateway in the LAN page.
• Fixed the issue that some disconnected Wi-Fi clients still show online in the client list.
• Fixed the issue that the color of the online upgrade dialog is abnormal under the dark theme.
• Fixed the issue that GL-SFT1200 can not be upgraded online.
• Fixed the issue that the client device cannot access the Internet IPv6 address in Static IPv6 mode of GL-SFT1200.
• Fixed some interface text errors.

V4.3.11

Overview

This firmware release provides optimizations, bug fixes, and fixes for security vulnerabilities.

Supported Models

GL-AR300M,GL-AR300M16,GL-AR750,GL-AR750S,GL-B1300,GL-MT300N-V2,GL-MT1300,GL-SFT1200 and GL-X750

New features

• Added language support for Korean.
• (Only available on GL-X750) Added some software packages: kmod-fs-vfat, kmod-fs-ntfs, kmod-fs-ext4, e2fsprogs.

Bug fixes

• Fixed an issue with GL-MT300N-V2 where the dip switch and the UI display were reversed.
• Fixed an issue with GL-MT300N-V2 where wireless terminals could not obtain an address after successfully switching to the Extend and WDS modes.
• Fixed an issue where two routers acting as the VPN server and the VPN client respectively could not automatically reconnect after disconnection due to network volatility.
• Fixed an issue where client devices connected through an ethernet cable would not automatically reconnect after the LAN IP address was modified.
• Fixed a conflicted that occurred with GL-SFT1200 between PPPoE protocol with VLAN ID and hardware acceleration.
• Fixed an error that happened when a device using PPPoE protocol first switched to the Extender mode and then restored the Route mode.
• Fixed various known vulnerabilities.

V4.3.10

Overview

This version mainly includes optimizations, bug fixes, and security vulnerability resolutions, as shown below.

This release is available for the following models:
GL-AR300M Shadow
GL-AR300M16 Shadow
GL-AR750 Creta
GL-AR750S-EXT Slate
GL-B1300 Convexa-B
GL-MT300N-V2 Mango
GL-MT1300 Beryl

Bug fixes

• Fixed deadlock issue in mwan3.

Vulnerability fixes

• Fixed a vulnerability that allowed arbitrary upload files to be created or modified through the API. (CVE-2023-47464)
• Fixed an unauthorized remote code inclusion vulnerability in the webDAV file server. (CVE-2023-47463)
• Fixed an issue of bypassing Nginx authentication through a Lua string pattern matching vulnerability. (CVE-2023-50919)
• Fixed an issue where users bypassed authentication or access control measures by assigning the same session ID each time they restarted. (CVE-2023-50920)
• Fixed an issue where calling the add_user interface in the system module could allow root access. (CVE-2023-50921)
• Fixed a vulnerability that allowed arbitrary shell commands to be executed through carefully crafted package names. (CVE-2023-46454)
• Fixed a path traversal vulnerability in the OpenVPN client file upload, which could lead to arbitrary file writes. (CVE-2023-46455, CVE-2023-46456)
• Fixed a vulnerability that allowed an attacker who stole the AdminToken cookie to upload a crontab-formatted file to a specific directory and wait for it to execute, thereby executing arbitrary code. (CVE-2023-50922)
• Fixed an injection vulnerability in the gl_system_log and gl_crash_log interface in the logread module, which allows arbitrary shell commands to be executed via JSON parameters. (CVE-2023-50445)
• Fixed an injection vulnerability in the upgrade_online interface of the upgrade module, which allowed arbitrary shell commands to be executed through JSON parameters. (CVE-2023-50445)

Cautions

• Your settings can NOT be kept when upgrading to this version from 3.x. Please backup your settings first.
• This version firmware does NOT include the following features:
  • File Sharing
  • Captive Portal
  • Automatic Upgrade
  • RS485
  • GPS
  • Mesh
• This admin panel does NOT include the following languages:
  • French
  • Korean
  • Russian
• Limited by CPU performance and storage space, this version firmware also does NOT include Network Storage fature. (Allow users to install via plug-in after exroot)

OpenWrt Upgrade

• Built based on OpenWrt 22.03.4 (AR300,AR750,AR750S,X300B,X750,XE300,MT300N-V2,MT1300,E750).
• Built based on OpenWrt 21.02.2 (B1300).
• Built based on OpenWrt 18.06 (SFT1200).

New Features

• Added Scheduled Tasks feature.
• Added Overview page to display system loading and set LED.
• Added Multi-WAN feature, allowing users to switch between failover and load balancing modes.
• Added Drop-in Gateway feature.

Optimization

• Refactored and optimized System Architecture.
• Redesigned interface UI.
• Optimized sidebar structure.
• Refactored and optimized repeater feature.
• Refactored and optimized VPN features.
• Refactored and optimized clients feature.
• Optimized Cellular Settings feature.
• Optimized DNS faeture.
• Optimized MAC Clone feature, which has been renamed to MAC address.
• Optimized IPv6 feature with the addition of Native mode.
• Optimized Guest Wi-Fiwith the addition of SSID Visibility option.
• Optimized DDNS Test.
• Optimized connections with GoodCloud.

BUG fix

• Fixed the TTL settings not taking effect when fw4 is used.

V4.3.26

Overview

This is a beta firmware, which has only undergone basic testing. Please use with caution and contact support@gl-inet.com if you encounter any problems.

Bug Fixes

• 2026-05-28: Update the dnsmasq component to version 2.92, incorporating upstream CVE fixes.

System

1. Based on openwrt 19.07.8 (AR150,MIFI,AR300M,USB150,N300,AR750,AR750S,X750,E750,XE300,MT1300,MT300N-V2,MV1000)
   
2. Based on QSDK11 (B1300,S1300,AP1300,B2200,AX1800)
   
3. Based on Siflower SDK (SF1200,SFT1200)
   

Security

1. Fixed shell injection vulnerabilities.
   

New features

1. Support upgrade to sdk4.x.
   

Important bugfix

1. Fixed SF1200/SFT1200 VPN data leaks.
   
2. Fixed MT300N-V2 switch does not reset after the network is restarted.
   
3. Fixed X750 wireless initialization exception.
   
4. Fixed B2200 WiFi mac error.
   
5. Fixed B2200 MESH clients display error.
   
6. Fixed B2200 MESH link instability.
   
7. Fixed B2200 MESH status LED display error.
   
8. Fixed B2200 MESH network failure after the upgrade.
   
9. Fixed B2200 MESH sub-router web error message.
   
10. Fixed AX1800 USB output is powered off because the manual modem reset.
    
11. Fixed Wireguard client reconnect failure in some scenarios.
    
12. Fixed Error occurs when the wireguare client name contains spaces.
    

V4.7.4

Overview

This version fixes some security vulnerabilities and other bugs.

Bug Fixes

• Fixed the issue where the failed VPN policy subscription URL request would display an unknown error.
• Fixed the issue where turning off 'Override DNS Settings of All Clients' would not take effect after enabling AdGuard Home or VPN Client.
• Fixed the issue where DDNS testing failed to display the WAN address of Ethernet 2.
• Fixed an issue where no error message was displayed when entering an incorrect old password, while changing the administrator password.
• Fixed the issue where manually adding a WireGuard Client configuration would incorrectly prompt the error message.
• Fixed the issue where modifying the administrator password did not log out the current LuCI session.
• Fixed the issue where the AzireVPN login password containing special characters, such as '$', would incorrectly trigger an 'invalid login info' error message.
• Fixed the issue where the client name containing a comma prevented address retrieval.
• Fixed the issue where the GL.iNet APP could not customize client types.
• Fixed the issue where network storage could not share directories containing special characters.
• Fixed the issue where Wi-Fi 5G downlink rate decreased after the client was connected for a period of time.
• Fixed the issue where turning on the 'Camouflage' mode would still fail to pass the portal authentication.
• Fixed the issue where switching from DHCPv6 to PPPoEv6 prevented the downstream devices from accessing the internet.
• Fixed the issue where switching to WDS mode, after enabling AP isolation, would cause address acquisition failure.
• Fixed the issue where the WireGuard Client name field would close automatically when tapping outside the input area.

V4.7.0

Overview

This version introduces several new features and enhancements that improve the interface interaction for overall user experience.

Synchronize Updated Models

Beryl AX (GL-MT3000), Brume 2 (GL-MT2500), Flint 2 (GL-MT6000).

New Features

• Added device initialization wizard, including settings for administrator and WiFi password, networking connection, VPN and other core functionalities.
• Added AstroWarp mode (Beta), allowing you to create your own network using aggregated connections and cloud gateways for a high-speed, stable network experience.
• Added cloud account login functionality, supporting device binding to the cloud from the firmware web page.
• Added domain name list subscription feature, supporting VPN policies and parental control through URL subscriptions for online domain name or IP list.
• Added support for Control D DNS.
• Added AP Isolation function.
• Added Luci Access Restriction function.
• Added USB port protocol conversion function, allowing downgrading to use USB 2.0.
• Added Network Port Management page, supporting scheduled and reboot of automatic updates for Ethernet MAC, WAN/LAN port switching, and displaying network port negotiation rates.
• Added support for NordVPN, PIA, Surfshark, Hideme, IPVanish WireGuard VPN services, along with AzireVPN registration functionality.

Optimization

• Optimized the process for manually adding the WireGuard client configuration files and supporting automatic key generation.
• Optimized the process of configuring vendor profiles for VPN clients.
• Optimized repeater random MAC settings, supporting scheduled and reboot of automatic updates for repeater MAC.
• Optimized the detection process for multi-WAN load network status.
• Optimized OpenVPN Client functionality, allowing modification of configuration file names.
• Optimized the page names in the web management panel so that the router's hostname is displayed in the browser tab.
• Optimized the design of interface error messages and interactive elements like input dropdown lists.
• Upgraded AdGuard Home to version 0.107.52.
• Upgraded Tor to version 0.4.8.9.

V4.6.8

Overview

This version mainly focuses on fixing a few known bugs.

Synchronized Updated Models

Flint (GL-AX1800), Slate AX (GL-AXT1800), Beryl AX (GL-MT3000), Brume 2 (GL-MT2500)/(GL-MT2500A), Flint 2 (GL-MT6000).

Improvement

• Upgrade AdGuard Home version to v0.107.52.

Bug Fixes

• Fixed the issue where, after enabling the VPN client and using Global Proxy, enabling AdGuard Home to handle client requests resulted in only localhots 127.0.0.1 appearing in the client list on the settings page.
• Fixed the issue that TCP port can be probed when WireGuard Server is enabled.
• Fixed the issue where the 5G wireless disappeared after the device relayed an upstream device with a 5G channel set to 20M dfs.
• Fixed the issue that resulted in unusual log messages.
• Fixed the issue where the router's own DNS requests always went through the dnsmasq proxy after switching DNS settings on the page.

V4.6.4

Overview

This version mainly focuses on fixing a few known bugs and fixes some security vulnerabilities to enhance the user experience.

Supported Models

GL-AX1800, GL-AXT1800, GL-MT2500/GL-MT2500A, GL-MT3000, GL-MT6000.

Improvement

• Updated WiFi driver(MT3000).

Bug Fixes

• Fixed an issue with DNS leaks when upgrading from version 4.5.x reserved configurations to 4.6.x with VPN connected.
• Fixed the issue that when the 5G main network is not a DFS channel, the 5G main network page will be opened again with a prompt of about 3s for DFS channel availability detection.
• Fixed a relay scan timeout issue when the WiFi was configured with DFS channels.
• Fixed the issue where the relay icon did not turn gray when disconnecting the relay connection while the internet connection mode was set to relay and wired.
• Fixed the issue where language packs were not retained after upgrading with preserved configuration.
• Fixed the issue where PC WebDAV access would show no data, after enabling WebDAV, inserting a USB drive, and rebooting.
• Fixed the issue where RTTY-WEB remote access encountered relay scan errors and failed to relay.
• Fixed a crash of the device's WiFi driver when connecting with a D-Link DWA-192 AC1900 network adapter to 2.4G WiFi.
• Corrected an issue where adding and applying any custom rule in parental control had no effect on Google Chrome.
• Fixed an issue where trunks were configured with static IPs, and the trunks showed up as connected even though the trunks were disconnected.
• Fixed the issue of DNS leakage when VPN Client and DNS encryption are enabled.
• Corrected a problem where switching internet connection modes did not update the IP address in DDNS resolution.
• Fixed an issue where videos and images on the USB drive could not be accessed after inserting a USB drive, enabling DLNA, and soft resetting the device.
• Resolved a DNS leak issue when switching VPN policy from global proxy to IP/domain-based mode.
• Fixed the issue that the client's hostname was reported to the relay's superior after the relay set a random MAC.
• Fixed the issue that the WAN port does not show IPv6 address when connecting to a VPN client and then enabling IPv6.
• Addressed a program crash caused by relay scanning when no other APs were nearby.
• Corrected a crash caused by wireless scanning of SSIDs containing carriage return characters.
• Fixed the issue where accessing the device management page using an IPv6 address displayed incorrect MAC cloning information for Ethernet and relay.
• Fixed the issue where the WebDAV function did not work properly when using an account or password with a length of 64-bit characters.
• Fixed the issue that after pulling Mullvad VPN configuration, when the corresponding Public Key is deleted from the Mullvad website and the configuration is pulled again, the IP address in the pulled configuration changes to 'The'.
• Resolved the issue of relay scanning crashing when IBSS exists in the surrounding area.
• Fixed the issue where firewall rules would occasionally disappear after rebooting the device following a connection to wgclient.
• Fixed the issue where dip switch is bound to wireguard client, the device turns on ovpn client, and restarting the device causes vpn policy to fail.
• Fixed the issue where the killswitch failed to work when the DNS service was proxied by the AdGuard program or an encrypted DNS program, and the VPN was in a connected state.

V4.6.2

Overview

This version mainly provides the following improvements:

• Improved the user experience with the repeater feature. Resolved an issue where most hotspots using Captive Portal could not be repeated.
• Improved the display of IPv6 addresses, and added support for customization of the interface language packs.

Supported models

Flint (GL-AX1800), Slate AX (GL-AXT1800), Beryl AX (GL-MT3000), Brume 2 (GL-MT2500)/(GL-MT2500A), Flint 2 (GL-MT6000).

New features

• Added the Login Mode for Public Hotspots and the Camouflage Mode. This resolved an issue where most hotspots using Captive Portal could not be repeated.
• Added the option to use a randomized BSSID to prevent devices from being traced by BSSID.
• Added the UI language pack management feature. This allows adding additional language packs and subscribing to language pack updates.
• Added an option to choose whether the VPN interface uses manually configured DNS. This allows using the VPN's DNS servers, if Encrypted DNS or AdGuard Home is enabled.
• Added support for port range forwarding and port forwarding rule prioritization options.
• Added TTL, HL, and MTU options for each interface.
• Added support for connecting to Wi-Fi via QR code.

Improvements

• Optimized the repeater feature to enhance performance and user experience. Added support for configuring MAC address for SSIDs individually.
• Optimized the display of IPv6 address on the Internet page and the Client page.
• Optimized the MAC address setting logic to support cloning or setting random MAC addresses for each interface.
• Optimized the status display on the Tethering interface to make a clear distinction between 'disabled' and 'enabled but no device'.
• Optimized the port forwarding feature. It now has its own page within the admin panel and can function simultaneously as DMZ. The port opening (previously on the Firewall page) has been moved to the Security page.
• Optimized the logic of jumping after LAN IP is modified so that users do not need to sign in again.
• Optimized the logic of guest network enabling. If guest Wi-Fi is disabled, guest network will also be disabled.
• Optimized the logic of toggle switches. When rebooting a device, the enabling status of corresponding services (such as VPN) will be set according to the status of the toggle switch.
• Removed the length restriction on mobile phone number in SMS sending and forwarding.
• Removed the option 'Force 20MHz Bandwidth For 2.4G' from the Repeater settings.
• Upgraded AdGuard Home to version 0.107.46.

Bug fixes

• Fixed an issue where reserved IP addresses were incorrectly sorted by IP if the IP address range was large.
• Fixed instances where abnormal issues would occur during firmware grade when “keep settings” was selected during IPv6 mode.
• Fixed an issue where the reset feature would not work when Tailscale was enabled.
• Fixed an issue where parental controls would not properly resolve domain names using capital letters (e.g., WWW.GOOGLE.COM).
• Fixed an issue where manually configured routes would not work in some cases when the VPN client was in custom routing proxy mode.
• Fixed an issue where the cellular interface would incorrectly determine the internet status of the IPv6 protocol.
• Fixed an issue where the manual DNS server address in the DNS interface would be invalid after disabling AdGuard Home.
• Fixed an issue where the imported WireGuard profiles with multi-line AllowedIPs entries were parsed incorrectly.
• Fixed an issue where re-uploading an OpenVPN profile ZIP file with an additional certificate file would not overwrite the old certificate file upload the first time. (This caused some configurations provided by the VPN service providers to not update properly when manually uploaded again.)
• Fixed an issue where the router would not recognize USB cellular modems using the M2 EM05G model.
• Fixed an issue that prevented the VPN from properly following the interface connection status for failover to function when using policy-based proxy mode.

V4.5.16

Overview

This release version mainly enhances network security and fixes known issues with network status detection, providing users with the option to manually add languages in the language community and the option to pre-emptively experience the new version. It is compatible with Full Cone NAT and SIP ALG features found in other routers. Optimization, bug fixing, and vulnerability repair for more vendors are shown below.

Supported Models

GL-A1300 Slate Plus, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-MT3000 Beryl AX, GL-MT2500/GL-MT2500A Brume 2, GL-X300B Collie

New features

• Reconstructed mwan3 and renamed it as kmwan. Optimized failover and load balancing, as well as network status in various scenarios.
• Added the Security configuration page.
• Added grayscale testing design. Added RC version subscription and upgrade.
• Added the communityization of language packs to support manual addition.
• Added support for IPoE, and support for configuring VLAN ID during DHCP and static dialing.
• Added Full Cone NAT function.
• Added the SIP ALG option.
• Added new temperature protection setting for MTK Wi-Fi.

Improvements

• Optimized the side route UI interaction and add the option to turn off the DHCP server itself.
• Optimized the restart process of the relay program.
• [Only for GL-X300B Collie] Optimized the functionality of RS485, the UI, and localization.
• Optimized the Tailscale mechanism.
• Updated language files and pull translation scripts.

Bug fixes

• Fixed an issue where the interface jumped due to the incorrect change in the client's online time.
• Fixed an issue with the TTL settings not taking effect.
• Fixed an issue where scanning always indicated that it was in DFS when all interfaces were disabled.
• Fixed an issue of failing to enable Wi-Fi for the first time after upgrading.
• Fixed an issue of failing to connect to the AP due to a failure to parse IE_HT_CAP.
• Fixed an issue where multiple parsed AllowedIPs were incorrect when parsing the uploaded WireGuard client configuration files.
• Fixed an IP conflict issue that occured when adding a client profile to WireGuard after modifying the PeerIP of the WireGuard server configuration via SSH.
• Fixed an issue where inbound data from non-VPN interfaces would not trigger port forwarding rules when VPN was enabled.
• Fixed an issue where some devices from the TAP-S2S OpenVPN client would not display properly on the client page.
• Fixed an issue where the OpenVPN server certificate may be lost after rebooting the device.
• Fixed an issue where selecting manual mode on the MAC address page and entering the factory default MAC address on the ethernet page would result in an unsuccessful configuration even after connecting to the repeater successfully at first.
• Fixed an issue where the network speed limit feature was still activated after enabling network speed limit, enabling network acceleration, and rebooting the device.
• Fixed some known vulnerabilities.

V4.5.0

Overview

This release version mainly enhances network security and fixes known issues with network status detection, providing users with the option to manually add languages in the language community and the option to pre-emptively experience the new version. It is compatible with Full Cone NAT and SIP ALG features found in other routers. Optimization, bug fixing, and vulnerability repair for more vendors are shown below.

This release is available for the following models:
GL-A1300 Slate Plus
GL-AX1800 Flint
GL-AXT1800 Slate AX
GL-MT3000 Beryl AX
GL-MT2500/GL-MT2500A Brume 2
GL-X300B Collie

New features

• Reconstructed mwan3 and renamed it as kmwan. Optimized failover and load balancing, as well as network status in various scenarios.
• Added the Security configuration page.
• Added grayscale testing design. Added RC version subscription and upgrade.
• Added the communityization of language packs to support manual addition.
• Added support for IPoE, and support for configuring VLAN ID during DHCP and static dialing.
• Added Full Cone NAT function.
• Added the SIP ALG option.
• Added new temperature protection setting for MTK Wi-Fi.

Improvements

• Optimized the side route UI interaction and add the option to turn off the DHCP server itself.
• Optimized the restart process of the relay program.
• [Only for GL-X300B Collie] Optimized the functionality of RS485, the UI, and localization.
• Optimized the Tailscale mechanism.
• Updated language files and pull translation scripts.

Bug fixes

• Fixed an issue where the interface jumped due to the incorrect change in the client's online time.
• Fixed an issue with the TTL settings not taking effect.
• Fixed an issue where scanning always indicated that it was in DFS when all interfaces were disabled.
• Fixed an issue of failing to enable Wi-Fi for the first time after upgrading.
• Fixed an issue of failing to connect to the AP due to a failure to parse IE_HT_CAP.

Vulnerability fixes

• Fixed a vulnerability that allowed arbitrary upload files to be created or modified through the API. (CVE-2023-47464)
• Fixed an unauthorized remote code inclusion vulnerability in the webDAV file server. (CVE-2023-47463)
• Fixed an issue of bypassing Nginx authentication through a Lua string pattern matching vulnerability. (CVE-2023-50919)
• Fixed an issue where users bypassed authentication or access control measures by assigning the same session ID each time they restarted. (CVE-2023-50920)
• Fixed an issue where calling the add_user interface in the system module could allow root access. (CVE-2023-50921)
• Fixed a vulnerability that allowed arbitrary shell commands to be executed through carefully crafted package names. (CVE-2023-46454)
• Fixed a path traversal vulnerability in the OpenVPN client file upload, which could lead to arbitrary file writes. (CVE-2023-46455, CVE-2023-46456)
• Fixed a vulnerability that allowed an attacker who stole the AdminToken cookie to upload a crontab-formatted file to a specific directory and wait for it to execute, thereby executing arbitrary code. (CVE-2023-50922)
• Fixed an injection vulnerability in the gl_system_log and gl_crash_log interface in the logread module, which allows arbitrary shell commands to be executed via JSON parameters. (CVE-2023-50445)
• Fixed an injection vulnerability in the upgrade_online interface of the upgrade module, which allowed arbitrary shell commands to be executed through JSON parameters. (CVE-2023-50445)

V4.4.6 - Oct 8,2023

VPN

• Fixed the problem that the OpenVPN client cannot access the Internet after dialing up, either by rebooting the router or by restarting the feature.

WireGuard

• Fixed the problem that WireGuard client gets error 'Error: inet6 prefix is expected rather than' when connecting to server.
• Fixed the problem that the WireGuard client of the device under test does not disconnect after the WireGuard server of the device accompanying the test is shut down, and keeps showing the connection status.

Repeater

• Fixed the problem that the wireless network connection is abnormal after the router repeater DFS channel.

Tailscale

• Fixed the problem that when using PPPoE dialup, the Internet cannot be accessed when tailscale is enabled.
• Fixed the problem that the Good Cloud platform fails to connect when Tailscale is enabled.

Clients

• Fixed the problem that the black/white list function is not compatible with the old version of blacklist.

Upgrade

• Fixed the problem that online upgrade reports error '-4,fetch firmware name fail: network unreachable'.

DDNS

• Fixed the problem that all TCP ports are opened when DDNS is enabled to allow http/https access in reserved configurations.

LAN

• Fixed the problem that br-lan occasionally hangs when changing LAN IP.

Ethernet

• Fixed the problem that Wan interface do not work.

V4.4.5 - Aug 11,2023

VPN

• Open VPN server when using tor,delete -4VPN conflict prompt.

GoodCloud

• Fix MQTT runs abnormally after obtaining 4G/5G information.

Modem

• Fix M2 demo board cannot recognize SIM card.
• Fix abnormal display of LTE bandwidth.

Tailscale

• Add support for accepting routes option.
• Add support for mutual access between Tailscale subnets.

Dns

• Fix next-dns setting does not take effect.

WireGuard

• Fix WireGuard cannot reconnect after working for two days.

Parental Control

• Fix adding specified url does not take effect.

Bug Fixes

Fixed the problem that after the MT3000 relays the 160M Hz hotspot, the AP becomes 20M.
Fixed the problem that the AX/AXT1800 cannot access the AP itself after relaying the DFS 140 channel.
Fixed the problem that parental control cannot block blacklist websites in newer browsers.
Fixed the externder working mode, the superior cannot ping the subordinate.
Fixed the problem that openvpn port forwarding fails after the reserved configuration is upgraded.
Fix the problem that mqtt cannot report SSID.
Fixed the problem that ddns occasional interface return error.
Fixed The relay cannot connect to Huawei TC7102 160MHz 5GWiFi.
Fix single sim card slot does not return dual sim card slot information.
Fixed the problem that after the adguardhome function is turned on on the A1300 and the adguardhome is turned off, the visitor has no network.
Fixed the problem that Openvpn Server and wireguard Server shut down remote access to the LAN subnet, but the Openvpn and wireguard clients can still access the IP address of the PC on the LAN side of the server.
Fixed the AP bridge mode, the bridge is not successful. The address assigned by the superior cannot be obtained.
Support-EM160R-EM060K-EM120K-RM520N-modem.
Fixed the problem that A1300 cannot recognize USB3.0 external modem.
Fixed the problem of abnormal equipment caused by the time zone or 160M bandwidth issued by the GoodCloud.
Correct the display problem of the LED light in the unconnected network mode.
Fixed the problem of unsuccessful dialing using external modem, QMI and QCM protocol dialing.
Roll back MTK SDK from v7.6.7.0 to v7.6.6.1.

Bug Fixes

Fixed a problem where the WiFi configuration page showed unavailable channel options.
Fixed a problem where NordVPN could not resolve DNS after keeping settings upgrade.
Fixed a problem where GL-MT3000 failed to recognize USB3.0 modem.
Fixed a problem where the IPV6 rate limiting does not take effect.
Fixed a problem where GL-MT3000 failed to repeat to iPhone 13 and TP-LINK ACR700.
Fixed a memory leak problem in GL-MT3000 when using QCM protocol.
Fixed a probabilistic issue where GL-MT3000 could not apply OpenVPN username and password.
Fixed switch button not taking effect when parental control is enabled on GL-A1300.
Fixed a BUG where clients could not access the internet after failover.

Optimizations

Disabled nginx access logs.
Optimized the MWAN3 online detection threshold.
Optimized the synchronization of configuration files in abnormal situations.
Optimized the repeater scan time of GL-MT3000.

Software Upgrade

Upgraded AdguardHome to V0.107.26.

Language

Added German language.

New feature

Added Parental Control feature.
Added Zerotier feature.
Added Tailscale feature.
Added Clear Traffic Statistics button for in client page.
Added DHCP Gateway option for LAN.
Added SSID Visibility option for guest Wi-Fi.
Added support for GoodCloud alerts when new clients join.
Added support for comments for domain and IP profiles in VPN policy.

Optimization

Improved IPv6 LAN Mode options. Separates the native and passthrough modes.
Improved the results and hints of the DDNS test.
Improved drop-in gateway feature with DHCP-based solution to increase stability.
Improved LED lighting logic to ensure consistency with the UI.
Improved interaction for MAC address cloning.
Improved networking status alerts in Internet page.
Improved interface tracking settings description for Multi-WAN.
Improved login page with automatic focus to password input box.
Improved VPN client configuration file view with files sorted by name.
Improved the switch name in the VPN global options for whether the GL.iNet service uses VPN or not.
Improved the interaction of set read-only users to read-write users in network storage.
Improved ADGuard Home feature to support seeing which client the request is coming from.

V4.9.0

Cautions

• Due to a comprehensive redesign of the Parental Control feature in V4.9.0, existing configurations for this feature will not be preserved during the upgrade. You will need to reconfigure your settings after the update. Please back up your settings first.
• With the introduction of multi-select configuration and intra-tunnel failover for VPN tunnels in V4.9.0, the inter-tunnel failover feature has been removed. When upgrading with configuration retention, the Kill Switch will be enabled by default in all tunnels. Please back up your settings first.

Overview

This version introduces several new features and enhancements that improve the interface interaction for the overall user experience. This is a beta firmware, which has only undergone basic testing. Please use with caution and contact support@gl-inet.com if you encounter any problems.

New Features

• Added support for DPI (Deep Packet Inspection), providing data statistics, content filtering, and intelligent QoS (Quality of Service).
• Added SQM (Smart Queue Management) to intelligently optimize network queues, reduce latency and jitter.
• Added multi-node selection for VPN tunnels, with automatic failover in case of node failure.
• Added support for PureVPN and Windscribe services under the WireGuard protocol.
• Added an option to enable or disable specific profile configurations in WireGuard Server.
• Added Cellular Profile management and online APN database updates.
• Added ACL (Access Control List) functionality to control network traffic based on rules such as protocol, source IP address, destination IP address, and port number.
• Added support for running the router as a Tailscale exit node and an IP masquerade option.
• Added an option to disable automatic detection and cancel in-progress firmware download.
• Added an automatic cleanup function for offline clients on the Client page.
• Added support for the AmneziaWG 2.0 obfuscation protocol.
• Address Reservation now supports setting a custom Hostname.

Optimization

• Redesigned the VPN functionality, optimizing core interaction flows and visual design for a more intuitive interface and smoother operation.
• Optimized the Cellular interface by integrating cellular features, improving the user experience.
• Optimized encrypted DNS functionality, supporting DoH, DoT, and DoQ encryption methods, along with more DNS provider options, and added the ability to manually configure encrypted DNS servers.
• Improved the Parental Control feature by streamlining the setup process, supporting basic device management, internet time control, and content filtering.
• Upgraded Tailscale to version 1.92.5.
• Upgraded AdGuard Home to version 0.107.73.
• VPN Client now supports batch selection and deletion of configurations.
• Improved the Port Forwarding feature to automatically perform one-to-one mapping for external and internal port ranges.
• When IPv6 is enabled, IPv6 connection status tracking in Multi-WAN is activated automatically.
• Update the dnsmasq component to version 2.92, incorporating upstream CVE fixes.

Bug Fixes

• 2026-05-29: Update the dnsmasq component to version 2.92, incorporating upstream CVE fixes.

V4.8.2

Cautions

The OpenWRT version has been upgraded. Please do NOT keep settings when downgrading to an earlier version. Please backup your settings first.

Overview

This version introduces several new features and enhancements that improve the interface interaction for the overall user experience.

New Features

• Added VPN multi-instance to support enabling multiple VPN clients simultaneously.
• Added VPN composite policy for traffic diversion based on multiple criteria, including source interface, source MAC address, and destination domain/IP.
• Added an option to enable or disable VPN internet access on the Clients page, which is effective only for MAC-based VPN policies.
• Added HTTPS support for RTTY.
• Added a one-click option to send logs to technical support.
• Added IPv6 support for VPN.

Optimization

• Refactored the Cellular function for improved performance and user interface, supporting more parameter configurations and status displays.
• Redesigned the UI style, improved the Web Admin Panel topology, and introduced new controls to support the presentation of complex services.
• Optimized the guidance of VPN functionality to simplify usage.
• Optimized VPN configuration to support IPv6.
• Optimized the export of client configuration files for the VPN Server, allowing users to manually enter the server address in the configuration file.
• Optimized the Clients page, supporting quick setting of reserved IP addresses.
• Optimized the Log display to support filtering by Log level, module, and keywords, as well as exporting more debugging information.
• Optimized the GoodCloud platform's device binding functionality.
• Optimized the display of VPN Server page status information.
• Improved the ease of use of the AstroWarp functionality.
• Upgraded OpenVPN to version 2.6.12.
• Upgraded Dnscrypt-proxy to version 2.1.5.
• Upgraded Stubby to version 0.4.3.
• Upgraded Zerotier to version 1.14.1.

Bug Fixes

• Fixed security vulnerability CVE-2025-44018

Changes from 4.7.4 (latest public release)

Factory build 4.7.13 (2025-06-24) vs public release 4.7.4 (2025-03-27).

• LuCI removed — The full LuCI web interface (25 packages) is no longer pre-installed. GL.iNet replaced it with an “Install Now” button under SYSTEM > Advanced Settings in the main admin panel. Clicking it installs LuCI on demand.
• ~85 packages updated across the system
• curl: 7.83.1 → 8.12.1
• dropbear: 2020.81 → 2024.86
• Samba: 4.14.12 → 4.18.9
• 2 new packages: lua-eco-sha256, lua-eco-termios
• No DISTRIB_REVISION in /etc/openwrt_release (OpenWrt git revision missing)

V4.8.1

Overview

This version mainly fixed some known bugs.

Bug Fixes

• Improved issues related to Direct Routing applications
• Fixed the issue where DNS requests did not go through the VPN tunnel when AdGuard Home's upstream DNS server was customized to NextDNS's HTTP/3 and QUIC protocols.
• Fixed the issue where parental controls might not take effect when the VPN client was enabled.

V4.8.0

Overview

This version introduces several new features and enhancements that improve the interface interaction for the overall user experience.

New Features

• Added VPN multi-instance, allowing support for enabling multiple VPN clients at the same time.
• Added VPN composite policy, allowing traffic diversion based on multiple criteria, including source interface, source MAC address, and destination domain/IP.
• Added an option to enable or disable VPN internet access on the Clients page, which is effective only when the VPN policy is based on MAC.
• Added the isolation feature between the Guest Network and the Upstream network.
• Added support for HTTPS in RTTY.
• Added a one-click option to send logs to technical support.
• Added support for IPv6 in VPN.

Optimization

• Refactored the Cellular function for improved performance and user interface, supporting more parameter configurations and status displays.
• Redesigned the UI style, improved the Web Admin Panel topology, and introduced new controls to support the presentation of complex services.
• Optimized toggle switch functionality to support Repeater, Wi-Fi and LED light control.
• Optimized the guidance of VPN functionality to simplify usage.
• Optimized VPN configuration to support IPv6.
• Optimized the export of client configuration files for the VPN Server, allowing users to manually enter the server address in the configuration file.
• Optimized the Clients page, supporting quick setting of reserved IP addresses.
• Optimized the Log display to support filtering by Log level, module, and keywords, as well as exporting more debugging information.
• Optimized the GoodCloud platform's device binding functionality.
• Optimized the display of VPN Server page status information.
• Optimized the Repeater auto-switching logic.
• Improved the ease of use of the AstroWarp functionality.
• Upgraded OpenVPN to version 2.6.12.
• Upgraded Dnscrypt-proxy to version 2.1.5.
• Upgraded Stubby to version 0.4.3.
• Upgraded Zerotier to version 1.14.1.

V4.7.4

Overview

This version fixes some security vulnerabilities and other bugs.

Bug Fixes

• Fixed the issue where the failed VPN policy subscription URL request would display an unknown error.
• Fixed the issue where turning off 'Override DNS Settings of All Clients' would not take effect after enabling AdGuard Home or VPN Client.
• Fixed the issue where DDNS testing failed to display the WAN address of Ethernet 2.
• Fixed an issue where no error message was displayed when entering an incorrect old password, while changing the administrator password.
• Fixed the issue where manually adding a WireGuard Client configuration would incorrectly prompt the error message.
• Fixed the issue where modifying the administrator password did not log out the current LuCI session.
• Fixed the issue where the AzireVPN login password containing special characters, such as '$', would incorrectly trigger an 'invalid login info' error message.
• Fixed the issue where the client name containing a comma prevented address retrieval.
• Fixed the issue where the GL.iNet APP could not customize client types.
• Fixed the issue where network storage could not share directories containing special characters.
• Fixed the issue where Wi-Fi 5G downlink rate decreased after the client was connected for a period of time.
• Fixed the issue where turning on the 'Camouflage' mode would still fail to pass the portal authentication.
• Fixed the issue where switching from DHCPv6 to PPPoEv6 prevented the downstream devices from accessing the internet.
• Fixed the issue where switching to WDS mode, after enabling AP isolation, would cause address acquisition failure.
• Fixed the issue where the WireGuard Client name field would close automatically when tapping outside the input area.

V4.7.0

Overview

This version introduces several new features and enhancements that improve the interface interaction for overall user experience.

Synchronize Updated Models

Beryl AX (GL-MT3000), Brume 2 (GL-MT2500), Flint 2 (GL-MT6000).

New Features

• Added device initialization wizard, including settings for administrator and WiFi password, networking connection, VPN and other core functionalities.
• Added AstroWarp mode (Beta), allowing you to create your own network using aggregated connections and cloud gateways for a high-speed, stable network experience.
• Added cloud account login functionality, supporting device binding to the cloud from the firmware web page.
• Added domain name list subscription feature, supporting VPN policies and parental control through URL subscriptions for online domain name or IP list.
• Added support for Control D DNS.
• Added AP Isolation function.
• Added Luci Access Restriction function.
• Added USB port protocol conversion function, allowing downgrading to use USB 2.0.
• Added Network Port Management page, supporting scheduled and reboot of automatic updates for Ethernet MAC, WAN/LAN port switching, and displaying network port negotiation rates.
• Added support for NordVPN, PIA, Surfshark, Hideme, IPVanish WireGuard VPN services, along with AzireVPN registration functionality.

Optimization

• Optimized the process for manually adding the WireGuard client configuration files and supporting automatic key generation.
• Optimized the process of configuring vendor profiles for VPN clients.
• Optimized repeater random MAC settings, supporting scheduled and reboot of automatic updates for repeater MAC.
• Optimized the detection process for multi-WAN load network status.
• Optimized OpenVPN Client functionality, allowing modification of configuration file names.
• Optimized the page names in the web management panel so that the router's hostname is displayed in the browser tab.
• Optimized the design of interface error messages and interactive elements like input dropdown lists.
• Upgraded AdGuard Home to version 0.107.52.
• Upgraded Tor to version 0.4.8.9.

V4.6.9

Overview

This release mainly fixes a known bug.

Updated Model

Beryl AX (GL-MT3000)

Bug Fixe

• Fixed the issue of abnormal transmit power in some cases.

V4.6.8

Overview

This version mainly focuses on fixing a few known bugs.

Synchronized Updated Models

Flint (GL-AX1800), Slate AX (GL-AXT1800), Beryl AX (GL-MT3000), Brume 2 (GL-MT2500)/(GL-MT2500A), Flint 2 (GL-MT6000).

Improvement

• Upgrade AdGuard Home version to v0.107.52.

Bug Fixes

• Fixed the issue where, after enabling the VPN client and using Global Proxy, enabling AdGuard Home to handle client requests resulted in only localhots 127.0.0.1 appearing in the client list on the settings page.
• Fixed the issue that TCP port can be probed when WireGuard Server is enabled.
• Fixed the issue where the 5G wireless disappeared after the device relayed an upstream device with a 5G channel set to 20M dfs.
• Fixed the issue that resulted in unusual log messages.
• Fixed the issue where the router's own DNS requests always went through the dnsmasq proxy after switching DNS settings on the page.

V4.6.4

Overview

This version mainly focuses on fixing a few known bugs and fixes some security vulnerabilities to enhance the user experience.

Supported Models

GL-AX1800, GL-AXT1800, GL-MT2500/GL-MT2500A, GL-MT3000, GL-MT6000.

Improvement

• Updated WiFi driver(MT3000).

Bug Fixes

• Fixed an issue with DNS leaks when upgrading from version 4.5.x reserved configurations to 4.6.x with VPN connected.
• Fixed the issue that when the 5G main network is not a DFS channel, the 5G main network page will be opened again with a prompt of about 3s for DFS channel availability detection.
• Fixed a relay scan timeout issue when the WiFi was configured with DFS channels.
• Fixed the issue where the relay icon did not turn gray when disconnecting the relay connection while the internet connection mode was set to relay and wired.
• Fixed the issue where language packs were not retained after upgrading with preserved configuration.
• Fixed the issue where PC WebDAV access would show no data, after enabling WebDAV, inserting a USB drive, and rebooting.
• Fixed the issue where RTTY-WEB remote access encountered relay scan errors and failed to relay.
• Fixed a crash of the device's WiFi driver when connecting with a D-Link DWA-192 AC1900 network adapter to 2.4G WiFi.
• Corrected an issue where adding and applying any custom rule in parental control had no effect on Google Chrome.
• Fixed an issue where trunks were configured with static IPs, and the trunks showed up as connected even though the trunks were disconnected.
• Fixed the issue of DNS leakage when VPN Client and DNS encryption are enabled.
• Corrected a problem where switching internet connection modes did not update the IP address in DDNS resolution.
• Fixed an issue where videos and images on the USB drive could not be accessed after inserting a USB drive, enabling DLNA, and soft resetting the device.
• Resolved a DNS leak issue when switching VPN policy from global proxy to IP/domain-based mode.
• Fixed the issue that the client's hostname was reported to the relay's superior after the relay set a random MAC.
• Fixed the issue that the WAN port does not show IPv6 address when connecting to a VPN client and then enabling IPv6.
• Addressed a program crash caused by relay scanning when no other APs were nearby.
• Corrected a crash caused by wireless scanning of SSIDs containing carriage return characters.
• Fixed the issue where accessing the device management page using an IPv6 address displayed incorrect MAC cloning information for Ethernet and relay.
• Fixed the issue where the WebDAV function did not work properly when using an account or password with a length of 64-bit characters.
• Fixed the issue that after pulling Mullvad VPN configuration, when the corresponding Public Key is deleted from the Mullvad website and the configuration is pulled again, the IP address in the pulled configuration changes to 'The'.
• Resolved the issue of relay scanning crashing when IBSS exists in the surrounding area.
• Fixed the issue where firewall rules would occasionally disappear after rebooting the device following a connection to wgclient.
• Fixed the issue where dip switch is bound to wireguard client, the device turns on ovpn client, and restarting the device causes vpn policy to fail.
• Fixed the issue where the killswitch failed to work when the DNS service was proxied by the AdGuard program or an encrypted DNS program, and the VPN was in a connected state.

V4.6.2

Overview

This version mainly provides the following improvements:

• Improved the user experience with the repeater feature. Resolved an issue where most hotspots using Captive Portal could not be repeated.
• Improved the display of IPv6 addresses, and added support for customization of the interface language packs.

Supported models

Flint (GL-AX1800), Slate AX (GL-AXT1800), Beryl AX (GL-MT3000), Brume 2 (GL-MT2500)/(GL-MT2500A), Flint 2 (GL-MT6000).

New features

• Added the Login Mode for Public Hotspots and the Camouflage Mode. This resolved an issue where most hotspots using Captive Portal could not be repeated.
• Added the option to use a randomized BSSID to prevent devices from being traced by BSSID.
• Added the UI language pack management feature. This allows adding additional language packs and subscribing to language pack updates.
• Added an option to choose whether the VPN interface uses manually configured DNS. This allows using the VPN's DNS servers, if Encrypted DNS or AdGuard Home is enabled.
• Added support for port range forwarding and port forwarding rule prioritization options.
• Added TTL, HL, and MTU options for each interface.
• Added support for connecting to Wi-Fi via QR code.

Improvements

• Optimized the repeater feature to enhance performance and user experience. Added support for configuring MAC address for SSIDs individually.
• Optimized the display of IPv6 address on the Internet page and the Client page.
• Optimized the MAC address setting logic to support cloning or setting random MAC addresses for each interface.
• Optimized the status display on the Tethering interface to make a clear distinction between 'disabled' and 'enabled but no device'.
• Optimized the port forwarding feature. It now has its own page within the admin panel and can function simultaneously as DMZ. The port opening (previously on the Firewall page) has been moved to the Security page.
• Optimized the logic of jumping after LAN IP is modified so that users do not need to sign in again.
• Optimized the logic of guest network enabling. If guest Wi-Fi is disabled, guest network will also be disabled.
• Optimized the logic of toggle switches. When rebooting a device, the enabling status of corresponding services (such as VPN) will be set according to the status of the toggle switch.
• Removed the length restriction on mobile phone number in SMS sending and forwarding.
• Removed the option 'Force 20MHz Bandwidth For 2.4G' from the Repeater settings.
• Upgraded AdGuard Home to version 0.107.46.

Bug fixes

• Fixed an issue where reserved IP addresses were incorrectly sorted by IP if the IP address range was large.
• Fixed instances where abnormal issues would occur during firmware grade when “keep settings” was selected during IPv6 mode.
• Fixed an issue where the reset feature would not work when Tailscale was enabled.
• Fixed an issue where parental controls would not properly resolve domain names using capital letters (e.g., WWW.GOOGLE.COM).
• Fixed an issue where manually configured routes would not work in some cases when the VPN client was in custom routing proxy mode.
• Fixed an issue where the cellular interface would incorrectly determine the internet status of the IPv6 protocol.
• Fixed an issue where the manual DNS server address in the DNS interface would be invalid after disabling AdGuard Home.
• Fixed an issue where the imported WireGuard profiles with multi-line AllowedIPs entries were parsed incorrectly.
• Fixed an issue where re-uploading an OpenVPN profile ZIP file with an additional certificate file would not overwrite the old certificate file upload the first time. (This caused some configurations provided by the VPN service providers to not update properly when manually uploaded again.)
• Fixed an issue where the router would not recognize USB cellular modems using the M2 EM05G model.
• Fixed an issue that prevented the VPN from properly following the interface connection status for failover to function when using policy-based proxy mode.

V4.5.16

Overview

This release version mainly enhances network security and fixes known issues with network status detection, providing users with the option to manually add languages in the language community and the option to pre-emptively experience the new version. It is compatible with Full Cone NAT and SIP ALG features found in other routers. Optimization, bug fixing, and vulnerability repair for more vendors are shown below.

Supported Models

GL-A1300 Slate Plus, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-MT3000 Beryl AX, GL-MT2500/GL-MT2500A Brume 2, GL-X300B Collie

New features

• Reconstructed mwan3 and renamed it as kmwan. Optimized failover and load balancing, as well as network status in various scenarios.
• Added the Security configuration page.
• Added grayscale testing design. Added RC version subscription and upgrade.
• Added the communityization of language packs to support manual addition.
• Added support for IPoE, and support for configuring VLAN ID during DHCP and static dialing.
• Added Full Cone NAT function.
• Added the SIP ALG option.
• Added new temperature protection setting for MTK Wi-Fi.

Improvements

• Optimized the side route UI interaction and add the option to turn off the DHCP server itself.
• Optimized the restart process of the relay program.
• [Only for GL-X300B Collie] Optimized the functionality of RS485, the UI, and localization.
• Optimized the Tailscale mechanism.
• Updated language files and pull translation scripts.

Bug fixes

• Fixed an issue where the interface jumped due to the incorrect change in the client's online time.
• Fixed an issue with the TTL settings not taking effect.
• Fixed an issue where scanning always indicated that it was in DFS when all interfaces were disabled.
• Fixed an issue of failing to enable Wi-Fi for the first time after upgrading.
• Fixed an issue of failing to connect to the AP due to a failure to parse IE_HT_CAP.
• Fixed an issue where multiple parsed AllowedIPs were incorrect when parsing the uploaded WireGuard client configuration files.
• Fixed an IP conflict issue that occured when adding a client profile to WireGuard after modifying the PeerIP of the WireGuard server configuration via SSH.
• Fixed an issue where inbound data from non-VPN interfaces would not trigger port forwarding rules when VPN was enabled.
• Fixed an issue where some devices from the TAP-S2S OpenVPN client would not display properly on the client page.
• Fixed an issue where the OpenVPN server certificate may be lost after rebooting the device.
• Fixed an issue where selecting manual mode on the MAC address page and entering the factory default MAC address on the ethernet page would result in an unsuccessful configuration even after connecting to the repeater successfully at first.
• Fixed an issue where the network speed limit feature was still activated after enabling network speed limit, enabling network acceleration, and rebooting the device.
• Fixed some known vulnerabilities.

V4.5.0

Overview

This release version mainly enhances network security and fixes known issues with network status detection, providing users with the option to manually add languages in the language community and the option to pre-emptively experience the new version. It is compatible with Full Cone NAT and SIP ALG features found in other routers. Optimization, bug fixing, and vulnerability repair for more vendors are shown below.

This release is available for the following models:
GL-A1300 Slate Plus
GL-AX1800 Flint
GL-AXT1800 Slate AX
GL-MT3000 Beryl AX
GL-MT2500/GL-MT2500A Brume 2
GL-X300B Collie

New features

• Reconstructed mwan3 and renamed it as kmwan. Optimized failover and load balancing, as well as network status in various scenarios.
• Added the Security configuration page.
• Added grayscale testing design. Added RC version subscription and upgrade.
• Added the communityization of language packs to support manual addition.
• Added support for IPoE, and support for configuring VLAN ID during DHCP and static dialing.
• Added Full Cone NAT function.
• Added the SIP ALG option.
• Added new temperature protection setting for MTK Wi-Fi.

Improvements

• Optimized the side route UI interaction and add the option to turn off the DHCP server itself.
• Optimized the restart process of the relay program.
• [Only for GL-X300B Collie] Optimized the functionality of RS485, the UI, and localization.
• Optimized the Tailscale mechanism.
• Updated language files and pull translation scripts.

Bug fixes

• Fixed an issue where the interface jumped due to the incorrect change in the client's online time.
• Fixed an issue with the TTL settings not taking effect.
• Fixed an issue where scanning always indicated that it was in DFS when all interfaces were disabled.
• Fixed an issue of failing to enable Wi-Fi for the first time after upgrading.
• Fixed an issue of failing to connect to the AP due to a failure to parse IE_HT_CAP.

Vulnerability fixes

• Fixed a vulnerability that allowed arbitrary upload files to be created or modified through the API. (CVE-2023-47464)
• Fixed an unauthorized remote code inclusion vulnerability in the webDAV file server. (CVE-2023-47463)
• Fixed an issue of bypassing Nginx authentication through a Lua string pattern matching vulnerability. (CVE-2023-50919)
• Fixed an issue where users bypassed authentication or access control measures by assigning the same session ID each time they restarted. (CVE-2023-50920)
• Fixed an issue where calling the add_user interface in the system module could allow root access. (CVE-2023-50921)
• Fixed a vulnerability that allowed arbitrary shell commands to be executed through carefully crafted package names. (CVE-2023-46454)
• Fixed a path traversal vulnerability in the OpenVPN client file upload, which could lead to arbitrary file writes. (CVE-2023-46455, CVE-2023-46456)
• Fixed a vulnerability that allowed an attacker who stole the AdminToken cookie to upload a crontab-formatted file to a specific directory and wait for it to execute, thereby executing arbitrary code. (CVE-2023-50922)
• Fixed an injection vulnerability in the gl_system_log and gl_crash_log interface in the logread module, which allows arbitrary shell commands to be executed via JSON parameters. (CVE-2023-50445)
• Fixed an injection vulnerability in the upgrade_online interface of the upgrade module, which allowed arbitrary shell commands to be executed through JSON parameters. (CVE-2023-50445)

V4.4.6 - Oct 8,2023

VPN

• Fixed the problem that the OpenVPN client cannot access the Internet after dialing up, either by rebooting the router or by restarting the feature.

WireGuard

• Fixed the problem that WireGuard client gets error 'Error: inet6 prefix is expected rather than' when connecting to server.
• Fixed the problem that the WireGuard client of the device under test does not disconnect after the WireGuard server of the device accompanying the test is shut down, and keeps showing the connection status.

Repeater

• Fixed the problem that the wireless network connection is abnormal after the router repeater DFS channel.

Tailscale

• Fixed the problem that when using PPPoE dialup, the Internet cannot be accessed when tailscale is enabled.
• Fixed the problem that the Good Cloud platform fails to connect when Tailscale is enabled.

Clients

• Fixed the problem that the black/white list function is not compatible with the old version of blacklist.

Upgrade

• Fixed the problem that online upgrade reports error '-4,fetch firmware name fail: network unreachable'.

DDNS

• Fixed the problem that all TCP ports are opened when DDNS is enabled to allow http/https access in reserved configurations.

LAN

• Fixed the problem that br-lan occasionally hangs when changing LAN IP.

Ethernet

• Fixed the problem that Wan interface do not work.

V4.4.5 - Aug 11,2023

VPN

• Open VPN server when using tor,delete -4VPN conflict prompt.

GoodCloud

• Fix MQTT runs abnormally after obtaining 4G/5G information.

Modem

• Fix M2 demo board cannot recognize SIM card.
• Fix abnormal display of LTE bandwidth.

Tailscale

• Add support for accepting routes option.
• Add support for mutual access between Tailscale subnets.

Dns

• Fix next-dns setting does not take effect.

WireGuard

• Fix WireGuard cannot reconnect after working for two days.

Parental Control

• Fix adding specified url does not take effect.

Bug Fixes

Fixed the problem that after the MT3000 relays the 160M Hz hotspot, the AP becomes 20M.
Fixed the problem that the AX/AXT1800 cannot access the AP itself after relaying the DFS 140 channel.
Fixed the problem that parental control cannot block blacklist websites in newer browsers.
Fixed the externder working mode, the superior cannot ping the subordinate.
Fixed the problem that openvpn port forwarding fails after the reserved configuration is upgraded.
Fix the problem that mqtt cannot report SSID.
Fixed the problem that ddns occasional interface return error.
Fixed The relay cannot connect to Huawei TC7102 160MHz 5GWiFi.
Fix single sim card slot does not return dual sim card slot information.
Fixed the problem that after the adguardhome function is turned on on the A1300 and the adguardhome is turned off, the visitor has no network.
Fixed the problem that Openvpn Server and wireguard Server shut down remote access to the LAN subnet, but the Openvpn and wireguard clients can still access the IP address of the PC on the LAN side of the server.
Fixed the AP bridge mode, the bridge is not successful. The address assigned by the superior cannot be obtained.
Support-EM160R-EM060K-EM120K-RM520N-modem.
Fixed the problem that A1300 cannot recognize USB3.0 external modem.
Fixed the problem of abnormal equipment caused by the time zone or 160M bandwidth issued by the GoodCloud.
Correct the display problem of the LED light in the unconnected network mode.
Fixed the problem of unsuccessful dialing using external modem, QMI and QCM protocol dialing.
Roll back MTK SDK from v7.6.7.0 to v7.6.6.1.

Bug Fixes

Fixed the problem where the openvpn cannot resolve DNS after restarting openvpn after keeping settings upgrade.
Fixed the problem where the status cannot be displayed correctly when the external modem is connected using the 3G protocol.
Fixed a BUG where clients could not access the internet after failover.
Fixed some UI display exceptions.

Software Upgrade

Upgraded MTK SDK from v7.6.6.1 to v7.6.7.0

Bug Fixes

Fixed a problem where the WiFi configuration page showed unavailable channel options.
Fixed a problem where NordVPN could not resolve DNS after keeping settings upgrade.
Fixed a problem where GL-MT3000 failed to recognize USB3.0 modem.
Fixed a problem where the IPV6 rate limiting does not take effect.
Fixed a problem where GL-MT3000 failed to repeat to iPhone 13 and TP-LINK ACR700.
Fixed a memory leak problem in GL-MT3000 when using QCM protocol.
Fixed a probabilistic issue where GL-MT3000 could not apply OpenVPN username and password.

Optimizations

Disabled nginx access logs.
Optimized the MWAN3 online detection threshold.
Optimized the synchronization of configuration files in abnormal situations.
Optimized the repeater scan time of GL-MT3000.

Software Upgrade

Upgraded AdguardHome to V0.107.26.

Language

Added German language.

New feature

Added Parental Control feature.
Added Zerotier feature.
Added Tailscale feature.
Added Clear Traffic Statistics button for in client page.
Added DHCP Gateway option for LAN.
Added SSID Visibility option for guest Wi-Fi.
Added support for GoodCloud alerts when new clients join.
Added support for comments for domain and IP profiles in VPN policy.

Optimization

Improved IPv6 LAN Mode options. Separates the native and passthrough modes.
Improved the results and hints of the DDNS test.
Improved drop-in gateway feature with DHCP-based solution to increase stability.
Improved LED lighting logic to ensure consistency with the UI.
Improved interaction for MAC address cloning.
Improved networking status alerts in Internet page.
Improved interface tracking settings description for Multi-WAN.
Improved login page with automatic focus to password input box.
Improved VPN client configuration file view with files sorted by name.
Improved the switch name in the VPN global options for whether the GL.iNet service uses VPN or not.
Improved the interaction of set read-only users to read-write users in network storage.
Improved ADGuard Home feature to support seeing which client the request is coming from.

Modem

Fix EG25/EC25/EC20 modems qmi dial-up failure

Repeater

Fix the problem of low speed
Fix scan disconnection issue

Wifi

Fix the problem that some channels of wifi in Germany are not displayed

V4.9.0

Cautions

• Due to a comprehensive redesign of the Parental Control feature in V4.9.0, existing configurations for this feature will not be preserved during the upgrade. You will need to reconfigure your settings after the update. Please back up your settings first.
• With the introduction of multi-select configuration and intra-tunnel failover for VPN tunnels in V4.9.0, the inter-tunnel failover feature has been removed. When upgrading with configuration retention, the Kill Switch will be enabled by default in all tunnels. Please back up your settings first.

Overview

This version introduces several new features and enhancements that improve the interface interaction for the overall user experience. This is a beta firmware, which has only undergone basic testing. Please use with caution and contact support@gl-inet.com if you encounter any problems.

New Features

• Added support for DPI (Deep Packet Inspection), providing data statistics, content filtering, and intelligent QoS (Quality of Service).
• Added SQM (Smart Queue Management) to intelligently optimize network queues, reduce latency and jitter.
• Added multi-node selection for VPN tunnels, with automatic failover in case of node failure.
• Added support for PureVPN and Windscribe services under the WireGuard protocol.
• Added an option to enable or disable specific profile configurations in WireGuard Server.
• Added support for creating dedicated networks for IoT devices.
• Added Cellular Profile management and online APN database updates.
• Added ACL (Access Control List) functionality to control network traffic based on rules such as protocol, source IP address, destination IP address, and port number.
• Added support for running the router as a Tailscale exit node and an IP masquerade option.
• Added an option to disable automatic detection and cancel in-progress firmware download.
• Added an automatic cleanup function for offline clients on the Client page.
• Added support for the AmneziaWG 2.0 obfuscation protocol.
• Address Reservation now supports setting a custom Hostname.

Optimization

• Redesigned the VPN functionality, optimizing core interaction flows and visual design for a more intuitive interface and smoother operation.
• Redesigned the Wireless interface by simplifying the layout and unifying the visual hierarchy, making it cleaner and more intuitive.
• Optimized the Cellular interface by integrating cellular features, improving the user experience.
• Optimized encrypted DNS functionality, supporting DoH, DoT, and DoQ encryption methods, along with more DNS provider options, and added the ability to manually configure encrypted DNS servers.
• Improved the Parental Control feature by streamlining the setup process, supporting basic device management, internet time control, and content filtering.
• Upgraded Tailscale to version 1.92.5.
• Upgraded AdGuard Home to version 0.107.73.
• VPN Client now supports batch selection and deletion of configurations.
• Improved the Port Forwarding feature to automatically perform one-to-one mapping for external and internal port ranges.
• When IPv6 is enabled, IPv6 connection status tracking in Multi-WAN is activated automatically.

Bug Fixes

• 2026-05-29: Update the dnsmasq component to version 2.92, incorporating upstream CVE fixes.

V4.3.25

Overview

This version fixes some security vulnerabilities.

Synchronize Updated Models

Opal (GL-SFT1200), Beryl (GL-MT1300), Slate (GL-AR750S), Creta (GL-AR750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Mudi (GL-E750), Spitz (GL-X750), Puli (GL-XE300), Convexa-B (GL-B1300).

V4.3.18

Overview

This version fixes some security vulnerabilities.

Supported models

Slate (GL-AR750S), Creta (GL-AR750), Mudi (GL-E750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Puli (GL-XE300), Convexa-B (GL-B1300), Cirrus (GL-AP1300).

V4.3.17

Overview

This version fixes some security vulnerabilities and other bugs.

Supported models

Opal (GL-SFT1200), Beryl (GL-MT1300), Slate (GL-AR750S), Creta (GL-AR750), Shadow (GL-AR300M), Shadow (GL-AR300M16), Mango (GL-MT300N-V2), Mudi (GL-E750), Spitz (GL-X750), Puli (GL-XE300), Convexa-B (GL-B1300), Cirrus (GL-AP1300), Convexa-S (GL-S1300).

Bug fixes

• Fixed the issue that the Web may show an error message when modifying the Maximum Number of Users or DHCP Gateway in the LAN page.
• Fixed the issue that some disconnected Wi-Fi clients still show online in the client list.
• Fixed the issue that the color of the online upgrade dialog is abnormal under the dark theme.
• Fixed the issue that GL-SFT1200 can not be upgraded online.
• Fixed the issue that the client device cannot access the Internet IPv6 address in Static IPv6 mode of GL-SFT1200.
• Fixed some interface text errors.

V4.3.11

Overview

This firmware release provides optimizations, bug fixes, and fixes for security vulnerabilities.

Supported Models

GL-AR300M,GL-AR300M16,GL-AR750,GL-AR750S,GL-B1300,GL-MT300N-V2,GL-MT1300,GL-SFT1200 and GL-X750

New features

• Added language support for Korean.
• (Only available on GL-X750) Added some software packages: kmod-fs-vfat, kmod-fs-ntfs, kmod-fs-ext4, e2fsprogs.

Bug fixes

• Fixed an issue with GL-MT300N-V2 where the dip switch and the UI display were reversed.
• Fixed an issue with GL-MT300N-V2 where wireless terminals could not obtain an address after successfully switching to the Extend and WDS modes.
• Fixed an issue where two routers acting as the VPN server and the VPN client respectively could not automatically reconnect after disconnection due to network volatility.
• Fixed an issue where client devices connected through an ethernet cable would not automatically reconnect after the LAN IP address was modified.
• Fixed a conflicted that occurred with GL-SFT1200 between PPPoE protocol with VLAN ID and hardware acceleration.
• Fixed an error that happened when a device using PPPoE protocol first switched to the Extender mode and then restored the Route mode.
• Fixed various known vulnerabilities.

V4.3.10

Overview

This version mainly includes optimizations, bug fixes, and security vulnerability resolutions, as shown below.

This release is available for the following models:
GL-AR300M Shadow
GL-AR300M16 Shadow
GL-AR750 Creta
GL-AR750S-EXT Slate
GL-B1300 Convexa-B
GL-MT300N-V2 Mango
GL-MT1300 Beryl

Bug fixes

• Fixed deadlock issue in mwan3.

Vulnerability fixes

• Fixed a vulnerability that allowed arbitrary upload files to be created or modified through the API. (CVE-2023-47464)
• Fixed an unauthorized remote code inclusion vulnerability in the webDAV file server. (CVE-2023-47463)
• Fixed an issue of bypassing Nginx authentication through a Lua string pattern matching vulnerability. (CVE-2023-50919)
• Fixed an issue where users bypassed authentication or access control measures by assigning the same session ID each time they restarted. (CVE-2023-50920)
• Fixed an issue where calling the add_user interface in the system module could allow root access. (CVE-2023-50921)
• Fixed a vulnerability that allowed arbitrary shell commands to be executed through carefully crafted package names. (CVE-2023-46454)
• Fixed a path traversal vulnerability in the OpenVPN client file upload, which could lead to arbitrary file writes. (CVE-2023-46455, CVE-2023-46456)
• Fixed a vulnerability that allowed an attacker who stole the AdminToken cookie to upload a crontab-formatted file to a specific directory and wait for it to execute, thereby executing arbitrary code. (CVE-2023-50922)
• Fixed an injection vulnerability in the gl_system_log and gl_crash_log interface in the logread module, which allows arbitrary shell commands to be executed via JSON parameters. (CVE-2023-50445)
• Fixed an injection vulnerability in the upgrade_online interface of the upgrade module, which allowed arbitrary shell commands to be executed through JSON parameters. (CVE-2023-50445)

Cautions

• Your settings can NOT be kept when upgrading to this version from 3.x. Please backup your settings first.
• This version firmware does NOT include the following features:
  • File Sharing
  • Captive Portal
  • Automatic Upgrade
  • RS485
  • GPS
  • Mesh
• This admin panel does NOT include the following languages:
  • French
  • Korean
  • Russian
• Limited by CPU performance and storage space, this version firmware also does NOT include Network Storage fature. (Allow users to install via plug-in after exroot)

OpenWrt Upgrade

• Built based on OpenWrt 22.03.4 (AR300,AR750,AR750S,X300B,X750,XE300,MT300N-V2,MT1300,E750).
• Built based on OpenWrt 21.02.2 (B1300).
• Built based on OpenWrt 18.06 (SFT1200).

New Features

• Added Scheduled Tasks feature.
• Added Overview page to display system loading and set LED.
• Added Multi-WAN feature, allowing users to switch between failover and load balancing modes.
• Added Drop-in Gateway feature.

Optimization

• Refactored and optimized System Architecture.
• Redesigned interface UI.
• Optimized sidebar structure.
• Refactored and optimized repeater feature.
• Refactored and optimized VPN features.
• Refactored and optimized clients feature.
• Optimized Cellular Settings feature.
• Optimized DNS faeture.
• Optimized MAC Clone feature, which has been renamed to MAC address.
• Optimized IPv6 feature with the addition of Native mode.
• Optimized Guest Wi-Fiwith the addition of SSID Visibility option.
• Optimized DDNS Test.
• Optimized connections with GoodCloud.

BUG fix

• Fixed the TTL settings not taking effect when fw4 is used.

New features

1. Support upgrade to sdk4.x.
   

Important bugfix

1. Fixed SF1200/SFT1200 VPN data leaks.
   
2. Fixed MT300N-V2 switch does not reset after the network is restarted.
   
3. Fixed X750 wireless initialization exception.
   
4. Fixed B2200 WiFi mac error.
   
5. Fixed B2200 MESH clients display error.
   
6. Fixed B2200 MESH link instability.
   
7. Fixed B2200 MESH status LED display error.
   
8. Fixed B2200 MESH network failure after the upgrade.
   
9. Fixed B2200 MESH sub-router web error message.
   
10. Fixed AX1800 USB output is powered off because the manual modem reset.
    
11. Fixed Wireguard client reconnect failure in some scenarios.
    
12. Fixed Error occurs when the wireguare client name contains spaces.
    

System

1. Based on openwrt 19.07.8 (AR150,MIFI,AR300M,USB150,N300,AR750,AR750S,X750,E750,XE300,MT1300,MT300N-V2,MV1000)
   
2. Based on QSDK11 (B1300,S1300,AP1300,B2200,AX1800)
   
3. Based on Siflower SDK (SF1200,SFT1200)
   

Security

1. Fixed shell injection vulnerabilities.
   

V4.3.29

Overview

This is a beta firmware, which has only undergone basic testing. Please use with caution and contact support@gl-inet.com if you encounter any problems.

Bug Fixes

• 2026-05-28: Update the dnsmasq component to version 2.92, incorporating upstream CVE fixes.

V4.8.7

Overview

• This version fixes some bugs.

V4.8.5

Overview

• This release focuses on targeted optimizations of the USB-to-Ethernet data path, improving forwarding performance and link negotiation stability to deliver a better network experience in high-bandwidth scenarios.

Optimization

• Optimized the USB-to-Ethernet forwarding path, significantly enhancing throughput and overall forwarding stability.

Bug Fixes

• Fixed an issue where the USB 2.5G Ethernet interface failed to negotiate to 2.5 Gbps in certain scenarios.
• Fixed an issue where the wired WAN interface exhibited abnormally low upload throughput, restoring normal upstream performance.

V4.8.4

Overview

• release initial version

V4.9.0

Cautions

• Due to a comprehensive redesign of the Parental Control feature in V4.9.0, existing configurations for this feature will not be preserved during the upgrade. You will need to reconfigure your settings after the update. Please back up your settings first.
• With the introduction of multi-select configuration and intra-tunnel failover for VPN tunnels in V4.9.0, the inter-tunnel failover feature has been removed. When upgrading with configuration retention, the Kill Switch will be enabled by default in all tunnels. Please back up your settings first.

Overview

This version introduces several new features and enhancements that improve the interface interaction for the overall user experience. This is a beta firmware, which has only undergone basic testing. Please use with caution and contact support@gl-inet.com if you encounter any problems.

New Features

• Added support for DPI (Deep Packet Inspection), providing data statistics, content filtering, and intelligent QoS (Quality of Service).
• Added SQM (Smart Queue Management) to intelligently optimize network queues, reduce latency and jitter.
• Added multi-node selection for VPN tunnels, with automatic failover in case of node failure.
• Added support for PureVPN and Windscribe services under the WireGuard protocol.
• Added an option to enable or disable specific profile configurations in WireGuard Server.
• Added support for creating dedicated networks for IoT devices.
• Added Cellular Profile management and online APN database updates.
• Added ACL (Access Control List) functionality to control network traffic based on rules such as protocol, source IP address, destination IP address, and port number.
• Added support for running the router as a Tailscale exit node and an IP masquerade option.
• Added an option to disable automatic detection and cancel in-progress firmware download.
• Added an automatic cleanup function for offline clients on the Client page.
• Added support for the AmneziaWG 2.0 obfuscation protocol.
• Address Reservation now supports setting a custom Hostname.

Optimization

• Redesigned the VPN functionality, optimizing core interaction flows and visual design for a more intuitive interface and smoother operation.
• Redesigned the Wireless interface by simplifying the layout and unifying the visual hierarchy, making it cleaner and more intuitive.
• Optimized the Cellular interface by integrating cellular features, improving the user experience.
• Optimized encrypted DNS functionality, supporting DoH, DoT, and DoQ encryption methods, along with more DNS provider options, and added the ability to manually configure encrypted DNS servers.
• Improved the Parental Control feature by streamlining the setup process, supporting basic device management, internet time control, and content filtering.
• Upgraded Tailscale to version 1.92.5.
• Upgraded AdGuard Home to version 0.107.73.
• VPN Client now supports batch selection and deletion of configurations.
• Improved the Port Forwarding feature to automatically perform one-to-one mapping for external and internal port ranges.
• When IPv6 is enabled, IPv6 connection status tracking in Multi-WAN is activated automatically.

Bug Fixes

• 2026-05-29: Update the dnsmasq component to version 2.92, incorporating upstream CVE fixes.

V4.8.6

Overview

• This version fixes some bugs.

Optimization

• Optimize Wi-Fi connection stability.

New Features

• Added support for AmneziaWG obfuscation protocol.

V4.8.6

Overview

• This version mainly fixed some known bugs.

V4.8.5

Overview

This version mainly fixed some bugs and optimizes the DPI function.

Optimization

• Optimized the enabling logic of DPI function

Bug Fixes

• Fixed an issue with SQM rate unit conversion.
• Fixed an issue where enabling DPI-related features could cause Tailscale's dnsmasq to malfunction.
• Fixed an issue where the IPV6_NAT network throughput may be abnormally when LAN1 was set to WAN mode.
• Fixed an issue where abnormal priority of iptables rules caused SYN-ACK packet loss when PPPoE protocol in WAN.
• Fixed an issue where DDNS failed to report the WAN IP.
• Fixed an issue where mark on the VPN server caused VPN clients to fail to connect.

V4.8.4

Overview

This is the init firmware.

V4.9.0

Cautions

• Due to a comprehensive redesign of the Parental Control feature in V4.9.0, existing configurations for this feature will not be preserved during the upgrade. You will need to reconfigure your settings after the update. Please back up your settings first.
• With the introduction of multi-select configuration and intra-tunnel failover for VPN tunnels in V4.9.0, the inter-tunnel failover feature has been removed. When upgrading with configuration retention, the Kill Switch will be enabled by default in all tunnels. Please back up your settings first.

Overview

This version introduces several new features and enhancements that improve the interface interaction for the overall user experience. This is a beta firmware, which has only undergone basic testing. Please use with caution and contact support@gl-inet.com if you encounter any problems.

New Features

• Added support for DPI (Deep Packet Inspection), providing data statistics, content filtering, and intelligent QoS (Quality of Service).
• Added SQM (Smart Queue Management) to intelligently optimize network queues, reduce latency and jitter.
• Added multi-node selection for VPN tunnels, with automatic failover in case of node failure.
• Added support for PureVPN and Windscribe services under the WireGuard protocol.
• Added an option to enable or disable specific profile configurations in WireGuard Server.
• Added Cellular Profile management and online APN database updates.
• Added ACL (Access Control List) functionality to control network traffic based on rules such as protocol, source IP address, destination IP address, and port number.
• Added support for running the router as a Tailscale exit node and an IP masquerade option.
• Added an option to disable automatic detection and cancel in-progress firmware download.
• Added an automatic cleanup function for offline clients on the Client page.
• Added support for the AmneziaWG 2.0 obfuscation protocol.
• Address Reservation now supports setting a custom Hostname.

Optimization

• Redesigned the VPN functionality, optimizing core interaction flows and visual design for a more intuitive interface and smoother operation.
• Optimized the Cellular interface by integrating cellular features, improving the user experience.
• Optimized encrypted DNS functionality, supporting DoH, DoT, and DoQ encryption methods, along with more DNS provider options, and added the ability to manually configure encrypted DNS servers.
• Improved the Parental Control feature by streamlining the setup process, supporting basic device management, internet time control, and content filtering.
• Upgraded Tailscale to version 1.92.5.
• Upgraded AdGuard Home to version 0.107.73.
• VPN Client now supports batch selection and deletion of configurations.
• Improved the Port Forwarding feature to automatically perform one-to-one mapping for external and internal port ranges.
• When IPv6 is enabled, IPv6 connection status tracking in Multi-WAN is activated automatically.
• Update the dnsmasq component to version 2.92, incorporating upstream CVE fixes.

Bug Fixes

• 2026-05-29: Update the dnsmasq component to version 2.92, incorporating upstream CVE fixes.

V4.8.4

Overview

This version mainly fixed some known bugs.

V4.8.3

Overview

This version mainly fixed some known bugs.

Optimization

• Optimized the firmware upgrade function, replacing Release Candidate with Gray Release.

Bug Fixes

• Fixed an issue where DNS packets failed to be blocked when toggling off the ‘All Other Traffic’ switch during a VPN connection failure, while AdGuard Home was enabled and the tunnel Killswitch was disabled.
• Fixed an issue in OpenVPN Server mode where the client’s IPv6 DNS was incorrectly pointed to Cloudflare (2606:4700:4700:1001) instead of the server’s tunnel IP after connection.
• Fixed the issue where the VPN dashboard page renders incompletely and causes content display problems when accessing the Web UI via some older versions of iOS Safari.

V4.8.2

Overview

This version introduces several new features and enhancements that improve the interface interaction for the overall user experience.

New Features

• Added VPN multi-instance to support enabling multiple VPN clients simultaneously.
• Added VPN composite policy for traffic diversion based on multiple criteria, including source interface, source MAC address, and destination domain/IP.
• Added an option to enable or disable VPN internet access on the Clients page, which is effective only for MAC-based VPN policies.
• Added the isolation feature between the Guest Network and the Upstream network.
• Added HTTPS support for RTTY.
• Added a one-click option to send logs to technical support.
• Added IPv6 support for VPN.

Optimization

• Refactored the Cellular function for improved performance and user interface, supporting more parameter configurations and status displays.
• Redesigned the UI style, improved the Web Admin Panel topology, and introduced new controls to support the presentation of complex services.
• Optimized the guidance of VPN functionality to simplify usage.
• Optimized VPN configuration to support IPv6.
• Optimized the export of client configuration files for the VPN Server, allowing users to manually enter the server address in the configuration file.
• Optimized the Clients page, supporting quick setting of reserved IP addresses.
• Optimized the Log display to support filtering by Log level, module, and keywords, as well as exporting more debugging information.
• Optimized the GoodCloud platform's device binding functionality.
• Optimized the display of VPN Server page status information.
• Optimized the Repeater auto-switching logic.
• Improved the ease of use of the AstroWarp functionality.
• Upgraded OpenVPN to version 2.6.12.
• Upgraded Dnscrypt-proxy to version 2.1.5.
• Upgraded Stubby to version 0.4.3.
• Upgraded Zerotier to version 1.14.1.

Bug Fixes

• Fixed security vulnerability CVE-2025-44018

V4.7.7

Overview

This version mainly fixed some known bugs.

Bug Fixes

• Fixed the issue where the transmit power was abnormal in certain situations.

V4.7.4

Overview

This version fixes some security vulnerabilities and other bugs.

Bug Fixes

• Fixed the issue where the failed VPN policy subscription URL request would display an unknown error.
• Fixed the issue where turning off 'Override DNS Settings of All Clients' would not take effect after enabling AdGuard Home or VPN Client.
• Fixed the issue where DDNS testing failed to display the WAN address of Ethernet 2.
• Fixed an issue where no error message was displayed when entering an incorrect old password, while changing the administrator password.
• Fixed the issue where manually adding a WireGuard Client configuration would incorrectly prompt the error message.
• Fixed the issue where modifying the administrator password did not log out the current LuCI session.
• Fixed the issue where the AzireVPN login password containing special characters, such as '$', would incorrectly trigger an 'invalid login info' error message.
• Fixed the issue where the client name containing a comma prevented address retrieval.
• Fixed the issue where the GL.iNet APP could not customize client types.
• Fixed the issue where network storage could not share directories containing special characters.
• Fixed the issue where Wi-Fi 5G downlink rate decreased after the client was connected for a period of time.
• Fixed the issue where turning on the 'Camouflage' mode would still fail to pass the portal authentication.
• Fixed the issue where switching from DHCPv6 to PPPoEv6 prevented the downstream devices from accessing the internet.
• Fixed the issue where switching to WDS mode, after enabling AP isolation, would cause address acquisition failure.
• Fixed the issue where the WireGuard Client name field would close automatically when tapping outside the input area.

V4.7.0

Overview

This version introduces several new features and enhancements that improve the interface interaction for overall user experience.

Synchronize Updated Models

Beryl AX (GL-MT3000), Brume 2 (GL-MT2500), Flint 2 (GL-MT6000).

New Features

• Added device initialization wizard, including settings for administrator and WiFi password, networking connection, VPN and other core functionalities.
• Added AstroWarp mode (Beta), allowing you to create your own network using aggregated connections and cloud gateways for a high-speed, stable network experience.
• Added cloud account login functionality, supporting device binding to the cloud from the firmware web page.
• Added domain name list subscription feature, supporting VPN policies and parental control through URL subscriptions for online domain name or IP list.
• Added support for Control D DNS.
• Added AP Isolation function.
• Added Luci Access Restriction function.
• Added USB port protocol conversion function, allowing downgrading to use USB 2.0.
• Added Network Port Management page, supporting scheduled and reboot of automatic updates for Ethernet MAC, WAN/LAN port switching, and displaying network port negotiation rates.
• Added support for NordVPN, PIA, Surfshark, Hideme, IPVanish WireGuard VPN services, along with AzireVPN registration functionality.

Optimization

• Optimized the process for manually adding the WireGuard client configuration files and supporting automatic key generation.
• Optimized the process of configuring vendor profiles for VPN clients.
• Optimized repeater random MAC settings, supporting scheduled and reboot of automatic updates for repeater MAC.
• Optimized the detection process for multi-WAN load network status.
• Optimized OpenVPN Client functionality, allowing modification of configuration file names.
• Optimized the page names in the web management panel so that the router's hostname is displayed in the browser tab.
• Optimized the design of interface error messages and interactive elements like input dropdown lists.
• Upgraded AdGuard Home to version 0.107.52.
• Upgraded Tor to version 0.4.8.9.

V4.6.8

Overview

This version mainly focuses on fixing a few known bugs.

Synchronized Updated Models

Flint (GL-AX1800), Slate AX (GL-AXT1800), Beryl AX (GL-MT3000), Brume 2 (GL-MT2500)/(GL-MT2500A), Flint 2 (GL-MT6000).

Improvement

• Upgrade AdGuard Home version to v0.107.52.

Bug Fixes

• Fixed the issue where, after enabling the VPN client and using Global Proxy, enabling AdGuard Home to handle client requests resulted in only localhots 127.0.0.1 appearing in the client list on the settings page.
• Fixed the issue that TCP port can be probed when WireGuard Server is enabled.
• Fixed the issue where the 5G wireless disappeared after the device relayed an upstream device with a 5G channel set to 20M dfs.
• Fixed the issue that resulted in unusual log messages.
• Fixed the issue where the router's own DNS requests always went through the dnsmasq proxy after switching DNS settings on the page.

V4.6.4

Overview

This version mainly focuses on fixing a few known bugs and fixes some security vulnerabilities to enhance the user experience.

Supported Models

GL-AX1800, GL-AXT1800, GL-MT2500/GL-MT2500A, GL-MT3000, GL-MT6000.

Improvement

• Updated WiFi driver(MT3000).

Bug Fixes

• Fixed an issue with DNS leaks when upgrading from version 4.5.x reserved configurations to 4.6.x with VPN connected.
• Fixed the issue that when the 5G main network is not a DFS channel, the 5G main network page will be opened again with a prompt of about 3s for DFS channel availability detection.
• Fixed a relay scan timeout issue when the WiFi was configured with DFS channels.
• Fixed the issue where the relay icon did not turn gray when disconnecting the relay connection while the internet connection mode was set to relay and wired.
• Fixed the issue where language packs were not retained after upgrading with preserved configuration.
• Fixed the issue where PC WebDAV access would show no data, after enabling WebDAV, inserting a USB drive, and rebooting.
• Fixed the issue where RTTY-WEB remote access encountered relay scan errors and failed to relay.
• Fixed a crash of the device's WiFi driver when connecting with a D-Link DWA-192 AC1900 network adapter to 2.4G WiFi.
• Corrected an issue where adding and applying any custom rule in parental control had no effect on Google Chrome.
• Fixed an issue where trunks were configured with static IPs, and the trunks showed up as connected even though the trunks were disconnected.
• Fixed the issue of DNS leakage when VPN Client and DNS encryption are enabled.
• Corrected a problem where switching internet connection modes did not update the IP address in DDNS resolution.
• Fixed an issue where videos and images on the USB drive could not be accessed after inserting a USB drive, enabling DLNA, and soft resetting the device.
• Resolved a DNS leak issue when switching VPN policy from global proxy to IP/domain-based mode.
• Fixed the issue that the client's hostname was reported to the relay's superior after the relay set a random MAC.
• Fixed the issue that the WAN port does not show IPv6 address when connecting to a VPN client and then enabling IPv6.
• Addressed a program crash caused by relay scanning when no other APs were nearby.
• Corrected a crash caused by wireless scanning of SSIDs containing carriage return characters.
• Fixed the issue where accessing the device management page using an IPv6 address displayed incorrect MAC cloning information for Ethernet and relay.
• Fixed the issue where the WebDAV function did not work properly when using an account or password with a length of 64-bit characters.
• Fixed the issue that after pulling Mullvad VPN configuration, when the corresponding Public Key is deleted from the Mullvad website and the configuration is pulled again, the IP address in the pulled configuration changes to 'The'.
• Resolved the issue of relay scanning crashing when IBSS exists in the surrounding area.
• Fixed the issue where firewall rules would occasionally disappear after rebooting the device following a connection to wgclient.
• Fixed the issue where dip switch is bound to wireguard client, the device turns on ovpn client, and restarting the device causes vpn policy to fail.
• Fixed the issue where the killswitch failed to work when the DNS service was proxied by the AdGuard program or an encrypted DNS program, and the VPN was in a connected state.

V4.6.2

Overview

This version mainly provides the following improvements:

• Improved the user experience with the repeater feature. Resolved an issue where most hotspots using Captive Portal could not be repeated.
• Improved the display of IPv6 addresses, and added support for customization of the interface language packs.

Supported models

Flint (GL-AX1800), Slate AX (GL-AXT1800), Beryl AX (GL-MT3000), Brume 2 (GL-MT2500)/(GL-MT2500A), Flint 2 (GL-MT6000).

New features

• Added the Login Mode for Public Hotspots and the Camouflage Mode. This resolved an issue where most hotspots using Captive Portal could not be repeated.
• Added the option to use a randomized BSSID to prevent devices from being traced by BSSID.
• Added the UI language pack management feature. This allows adding additional language packs and subscribing to language pack updates.
• Added an option to choose whether the VPN interface uses manually configured DNS. This allows using the VPN's DNS servers, if Encrypted DNS or AdGuard Home is enabled.
• Added support for port range forwarding and port forwarding rule prioritization options.
• Added TTL, HL, and MTU options for each interface.
• Added support for connecting to Wi-Fi via QR code.

Improvements

• Optimized the repeater feature to enhance performance and user experience. Added support for configuring MAC address for SSIDs individually.
• Optimized the display of IPv6 address on the Internet page and the Client page.
• Optimized the MAC address setting logic to support cloning or setting random MAC addresses for each interface.
• Optimized the status display on the Tethering interface to make a clear distinction between 'disabled' and 'enabled but no device'.
• Optimized the port forwarding feature. It now has its own page within the admin panel and can function simultaneously as DMZ. The port opening (previously on the Firewall page) has been moved to the Security page.
• Optimized the logic of jumping after LAN IP is modified so that users do not need to sign in again.
• Optimized the logic of guest network enabling. If guest Wi-Fi is disabled, guest network will also be disabled.
• Optimized the logic of toggle switches. When rebooting a device, the enabling status of corresponding services (such as VPN) will be set according to the status of the toggle switch.
• Removed the length restriction on mobile phone number in SMS sending and forwarding.
• Removed the option 'Force 20MHz Bandwidth For 2.4G' from the Repeater settings.
• Upgraded AdGuard Home to version 0.107.46.

Bug fixes

• Fixed an issue where reserved IP addresses were incorrectly sorted by IP if the IP address range was large.
• Fixed instances where abnormal issues would occur during firmware grade when “keep settings” was selected during IPv6 mode.
• Fixed an issue where the reset feature would not work when Tailscale was enabled.
• Fixed an issue where parental controls would not properly resolve domain names using capital letters (e.g., WWW.GOOGLE.COM).
• Fixed an issue where manually configured routes would not work in some cases when the VPN client was in custom routing proxy mode.
• Fixed an issue where the cellular interface would incorrectly determine the internet status of the IPv6 protocol.
• Fixed an issue where the manual DNS server address in the DNS interface would be invalid after disabling AdGuard Home.
• Fixed an issue where the imported WireGuard profiles with multi-line AllowedIPs entries were parsed incorrectly.
• Fixed an issue where re-uploading an OpenVPN profile ZIP file with an additional certificate file would not overwrite the old certificate file upload the first time. (This caused some configurations provided by the VPN service providers to not update properly when manually uploaded again.)
• Fixed an issue where the router would not recognize USB cellular modems using the M2 EM05G model.
• Fixed an issue that prevented the VPN from properly following the interface connection status for failover to function when using policy-based proxy mode.

V4.5.8

Overview

This firmware version brings significant enhancements to Wi-Fi stability and compatibility as well as provides fixes to security vulnerabilities.

Supported Models

GL-MT6000

Improvements

• Optimized Wi-Fi network speeds and compatibility.
• Improved stability of Wi-Fi networks.
• Upgraded Tailscale to version 1.58.2.

Bug Fixes

• Fixed an issue of slow download speeds with the 2.5Gbps ethernet port.
• Fixed an issue where Wi-Fi country code and power were shown inaccurately on the LuCI page.
• Fixed various known vulnerabilities.

V4.5.6

Bugfixes

• Fixed wifi driver crash caused by null pointers.
• Fixed the issue of WiFi 160M speed reduction.

V4.5.5

Bugfixes

• Update WiFi firmware.
• Fixed hardware acceleration enabled, unable to connect to the network after lower level wds.

V4.5.4 - Dec 12 ,2023

Bugfixes

• Fixed the problem of probability crash when using 2.4G and 5Gwifi at the same time.
• Fixed abnormal restart of cloud platform service after long-term use.

Vulnerability fix

• Fixed a vulnerability that allows arbitrary shell commands to be executed through carefully crafted package names. (CVE-2023-46454)
• Fixed an injection vulnerability in the gl_system_log and gl_crash_log interface in the logread module, which allows arbitrary shell commands to be executed via JSON parameters. (CVE-2023-50445)
• Fixed an injection vulnerability in the upgrade_online interface of the upgrade module, which allowed arbitrary shell commands to be executed through JSON parameters. (CVE-2023-50445)