Announcements > Security Advisories

Apache Log4j Vulnerability

(1/1)

GreenBay42:
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10263

A serious flaw was discovered on Dec. 10, 2021, in the widely used Java logging library Apache Log4j. The vulnerability, ‘Log4Shell,’ was first identified by users of a popular Minecraft forum and was disclosed to the Apache Foundation by Alibaba Cloud security researchers on Nov. 24, 2021. The vulnerability can allow unauthenticated, remote code execution (RCE) on nearly any machine using Log4j.

D-Link has started investigating its global products, systems, and application to determine if they are affected.

As of 12/14/2021, D-Link US is not aware of any use of Log4j in our product line. We will update this announcement as further information is available.

UPDATE 12/16/2021: After our investigation, all D-Link hardware products, software products including apps, and service platforms (mydlink, Nuclias, D-ECS, FOTA, etc.) have not been affected by this incident, and all the log4j versions with this vulnerabilities are not used.

Navigation

[0] Message Index