Apache Log4j Vulnerability - Log4Shell Vulnerability Information for D-Link Devices and Services :: Not Affected
Overview
On Dec. 10, 2021, D-Link was aware of a vulnerability in the widely used Java logging library Apache Log4j. The vulnerability, 'Log4Shell,' was first identified by users of a popular Minecraft forum and was reported privately to the Apache Foundation by Alibaba Cloud security researchers on Nov. 24, 2021. The vulnerability can allow unauthenticated, remote code execution (RCE) on nearly any machine using Log4j.
As soon as we were aware of the vulnerability, D-Link began a thorough investigation into the possible impact. At this time, based on the information that we have received regarding the exposure, we have found no use of the impacted Apache Log4j library versions in our business and conclude that our products, mydlink, Nuclias, and other services, and our apps are not affected by the 'Log4Shell' vulnerability.
D-Link takes issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. Please check the D-Link website for the latest updates.
Regarding the Security patch for your D-Link Devices
Firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually, and we strongly recommend all users install the relevant updates.
Please note that this is a device beta software, beta firmware, or hot-fix release which is still undergoing final testing before its official release. The beta software, beta firmware, or hot-fix is provided on an "as is" and "as available" basis, and the user assumes all risk and liability for use thereof. D-Link does not offer any warranties, whether express or implied, as to the suitability or usability of the beta firmware. D-Link will not be liable for any loss, whether such loss is direct, indirect, special, or consequential, suffered by any party as a result of their use of the beta firmware.
There are different hardware revisions on our products; please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the product's underside next to the serial number. Alternatively, they can also be found on the device web configuration.