Overview

On the 10th of December, 2021, a serious flaw was discovered in the widely used Java logging library Apache Log4j. The vulnerability, ‘Log4Shell,’ was first identified by users of a popular Minecraft forum and was apparently disclosed to the Apache Foundation by Alibaba Cloud security researchers on the 24th of November, 2021. The vulnerability has the potential to allow unauthenticated remote code execution (RCE) on nearly any machine using Log4j.

 

Disclosure

• https://securelist.com/cve-2021-44228-vulnerability-in-apache-log4j-library/105210/CVE-2021-44228
• https://nvd.nist.gov/vuln/detail/CVE-2021-44228

 

Details and Conclusions

As soon as D-Link was made aware of the reported vulnerability, we had promptly started our investigation. We have concluded that this vulnerability does not affect any D-Link hardware products or software products, including Apps and service platforms (including mydlink and Nuclias).