• October 07, 2024, 07:00:48 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Apache Log4j Vulnerability  (Read 6002 times)

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2752
Apache Log4j Vulnerability
« on: December 15, 2021, 08:29:47 AM »

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10263

A serious flaw was discovered on Dec. 10, 2021, in the widely used Java logging library Apache Log4j. The vulnerability, ‘Log4Shell,’ was first identified by users of a popular Minecraft forum and was disclosed to the Apache Foundation by Alibaba Cloud security researchers on Nov. 24, 2021. The vulnerability can allow unauthenticated, remote code execution (RCE) on nearly any machine using Log4j.

D-Link has started investigating its global products, systems, and application to determine if they are affected.

As of 12/14/2021, D-Link US is not aware of any use of Log4j in our product line. We will update this announcement as further information is available.

UPDATE 12/16/2021: After our investigation, all D-Link hardware products, software products including apps, and service platforms (mydlink, Nuclias, D-ECS, FOTA, etc.) have not been affected by this incident, and all the log4j versions with this vulnerabilities are not used.
« Last Edit: December 16, 2021, 06:56:41 AM by GreenBay42 »
Logged