Since OpenWRT 25.12-SNAPSHOT build has been branched recently, I have updated the Draft Wiki page so that users may start testing on the new branch before 25.12 release.
Newcomers should now have enough info to flash OpenWRT on MR6350 with all the updated information available in the Wiki.
Unfortunately, the MR6350 commit was not backported to the new 24.10.5 release. The 24.10.5 release seems to have been in response to a ssh login vulneratility in dropbear.
This is not an official recommendation, but I’d suggest it would be prudent to upgrade to a current snapshot.
I submitted a PR.
Security fixes
CVE-2025-14282: Dropbear privilege escalation via Unix domain socket forwarding
Per https://openwrt.org/advisory/2025-12-16-1
Also see Mitigations Per
Good afternoon, this is officially in the new version OpenWrt 25.12.0-rc1, installed and tested without problems.
Reading the advisory: It only has impact if you have created additional non-root account(s) on your OpenWRT system. If you only have a single root account, it has no practical impact.
@denisr24 Nice, you are fast mate 
From firmware selector portal, it is possible to search for 25.12-rcN release now
First, the 24.10.5 release was in no way a response to the CVE vulneratility found in dropbear. It is normal to release a final Release when the next Release is branched that will encorporate everything up to the point of branching.
I am well aware that the 95+% of users using standard OpenWrt defaults have no exposure to this CVE per se. Apparently shep doesn't. It is ingenuous to suggest that users should begin using Main instead when an update from 24.10.4 to 24.10.5 will suffice.
The OpenWrt project backports security fixes for components used in the OpenWrt core repository to supported OpenWrt versions. Ergo, support status applies to the the latest minor release of that branch which is 24.10.5.
See Support Status: https://openwrt.org/docs/guide-developer/security#support_status
With respect to this device's add device commit, it was merged into Main 4 days ago after 25.12 was branched. It will not be backported to 24.10.4 or 24.10.5. It will be available in 25.12-rc1 when announced in the next few days and the PR shep mentioned will be closed without action.
I disagree. Top of the list in the release notes:
Main changes between OpenWrt 24.10.4 and OpenWrt 24.10.5
Only the main changes are listed below. See changelog-24.10.5 for the full changelog.
Security fixes
CVE-2025-14282: Dropbear privilege escalation via Unix domain socket forwarding
You missed the context. As we are discussing, there is no 24.10.5 update for the Linksys MR6350. How does that which does not exist “suffice”?
Another questionable statement. The Linksys MR6350 was committed November 15, 2025 - why did it take over 2 weeks to merge?
By definition, the “12” in 25.12 is the month the new branch was tagged.
Lastly, there is a pathway to backport a device to an earlier branch. I have the patch for 24.10 which I have tested on both 24.10.4 and 24.10.5 and I’m looking into submitting it via email to the developer’s mailing list. It may be worth while as it took 2 months from 24.10rc1 to 24.10.0 release. Who knows if there will be another CVE in the mean time?
@RuralRoots rather than spewing criticism maybe you could constructively provide some guidance about “cherry-picking” a commit or if I should just bundle the patch I have and call it “cherry-picked”.
That's your perogative, but I think misguided. The same template was used in the Release Announcements for 24.10.4 and 23.05.3. The definitive answer can be found in the devel ML for December 2025. 25.10.5 and 25.12-rc1 were announced on December 14, but the Dropbear CVE dropped on December 16 (See: https://lists.openwrt.org/pipermail/openwrt-devel/2025-December/044417.html)
I don't believe I did. There will be no 24.10.5 update for the Linksys MR6350. OTOH, you have a working device support patch for this device for 24.10.4 and 24.10.5, and the Dropbear CVE, per established protocol, is handled in 25.10.5. With the announcement of 25.12.rc1, there really is no need to suggest this device's user base switch to Main Snapshot.
Why would I know? I had no involvement in the PR. Actually, the PR was submitted according to the PR date of "Thu Nov 30 17:16:41 2023 +0100". Where it went from there, I can't say. I can say that all PR's in order to be merged into OpenWrt must meet the requirements set down. Just a note that there was another commit in November for this device on "Sat Nov 29 18:02:12 2025 +0100" on commit "1aee2f5567e86b377c94d374929bc26e251bb3d7" to "Fixes: 00bb18b851df ("ipq40xx: Add support for Linksys MR6350")".
Close. It is when the new Major Release is branched from Main. The point where no new development occurs within the branch (other than fixes and security issues). See Branch Logic (https://openwrt.org/about/history?s[]=branch&s[]=logic#branch_logic)
I've noted your ML post. I'll point you to sentence 2 from your link "Since new features are not added to stable branches, backported changes are generally bug fixes and security fixes only." This is also the same protocol found in https://openwrt.org/docs/guide-developer/device-support-policies?s[]=backports#backports. In the event of another CVE affecting OpenWrt, the current relevant Stable will be supported as well as Main.
My intent is not to be critical, rather to educate and be factual. Your ML post seems to indicate you have some concerns with moving to 25.12.rc1 ATM, so to that end, I would just continue running on your patched 24.10.5 and when it's convenient to you, make the switch to latest stable 25.12.x
Now if you really want to tilt at this windmill, the general flow would be:
git clone https://git.openwrt.org/openwrt/openwrt.gitgit log 00bb18b to verify.git checkout openwrt-24.10git cherry-pick 00bb18b851dff8d14a28d7b289b24326483f5015 # this is your MR6350 commit-id.From here, you're on your own. You will need to resolve any conflicts, then build a custom firmware image using the OpenWrt build system (make menuconfig, select your target device, and make).
If you're lucky and all goes according to your planned outcome, you'll end up with a base 24.10.5 firmware image for your backported ML6350 device. Even so, I still think trying to get this new feature backported to 24.10.5 will be futile.
I mostly did the process but on a git pull that I had patched. My patch, although outside of the commit-id, was pulled into the cherry-pick and generated a dts for 2 kernel versions. If I used a pristine pull, I think a clean cherry-pick would be generated.
According to 24.10 projected EOL, it looks like the project will not get security updates after Feb, 2026 although this conflicts with the statement:
A major release will move into End of Life status one year after the initial release, or 6 months after the next major release, whichever date is later. The project aims to do a final minor release at the end of the support cycle.
snip-
When the next major release is published, the previous version will move into Security Maintenance status.
24.10 should get support, including CVE’s for 6 months after 25.12 is released. There should be at least a 24.10.6 release; maybe more if there is a significant CVE. DropBear was a significant CVE found by the OpenWRT team.
Yeh, I know, but 25.12 is in Release Candidate status so we aren’t there yet. 24.10 should still get security updates of core OpenWrt packages, and the Notes: section
indicates EOL status could change depending on circumstances.
I’m pretty sure we’ll see a final 24.10.6 once 25.12.rcx goes to 25.12.1.
Hi all,
I cleaned up the Draft Wiki page a bit after looking at 25.12.0-rc1 change log. I removed the page-in-construction status & added all the relevant tagging information. I probably will make one final update after 25.12 stable release comes out later.
I'm just popping in to share proof of the outstanding performance of our MR6350. Two identical MR6350s (OpenWrt 25.12.0-rc3 (r32486-30527a4c34)). One as the PRIMARY router (WAN - 800 Mbps symmetrical fiber), with SmartDNS, DHCP, and Print Server. The other as the AUXILIARY router (without any of the aforementioned features, connected via LAN to the PRIMARY router). Packet Steering enabled on both, RPS 128. Usteer enabled on both, roaming successful on 2.4/5 GHz on both routers (same ID and Password on both routers and both networks). Hardware Flow Offloading ENABLED on the PRIMARY router, DISABLED on the AUXILIARY router.
OpenWRT 25.12.0-rc4 has been released with a small bug-fix related to MR6350 per change log page :
1d87d1f ipq40xx: fix image pipeline for MR6350 (+1,-1)
