Apache log4j library vulnerability
On December 9th, 2021, a vulnerability in certain versions of the Apache log4j library was disclosed. Products that use this library are susceptible to a remote code execution vulnerability, which a remote attacker can exploit to gain full control of the impacted device. More details can be found at NIST.
Since the discovery of this vulnerability, EnGenius Research Center has been closely monitoring this threat and how it may affect EnGenius products. Only a few EnGenius cloud services use the log4j library, and none of them uses it in a way that makes it vulnerable to CVE-2021-44228. The conclusion of the investigation is that the products listed below under the Unaffected Products section are not vulnerable to CVE-2021-44228. If new information is discovered, this advisory will be updated.
ezWifiPlanner service
Although ezWifiPlanner does not enable any of the JNDI and LDAP features that cause the vulnerability, we have still upgraded the related log4j libraries to ensure safety.
EnGenius Cloud
ezMaster
EnSky
EWS Access Points
EWS Ethernet Switches
ECW Access Points
ECS Ethernet Switches
ENH Access Points
ENS Access Points
EnStation Access Points
EMR Routers
ESR Routers
All EnGenius Mobile Apps
CVE: CVE-2021-44228
Publication Date: 2021-Dec-13
Severity: Critical
Reference:
Status: Confirmed