Log4j Vulnerability (CVE-2021-44228) – Does it Affect My Device?

LOG4J

The “Log4j” vulnerability was reported late last week. It is a Java-based software that many large organizations use to configure their applications. According to cybersecurity experts, Log4j is one of the most popular logging libraries used online. It gives software developers a way to build a record of activity to be used for a variety of purposes (e.g. troubleshooting, auditing, data tracking). Since it is both open-source and free, the library essentially touches every part of the internet.

Many of you have been asking if this affects your 5Gstore hardware. Here’s an outline of what we found:

  • 5Gstore.com – Not affected.
    •  “We do not use Java and thus our services are unaffected.” 
  • PeplinkNot affected
    • “Peplink has verified and confirmed that none of our products, including InControl 2 and InControl Appliance, are using the Log4j software. Peplink is therefore not affected by this vulnerability.”
  • CradlepointProducts Affected: NCM (patched 12/11/2021), NCP (patch in progress). 
    • Cradlepoint identified one vulnerability within NetCloud Perimeter (NCP). They are in the process of upgrading Log4j within NCP, and NCM (as a precaution) to the latest version. 
  • Sierra WirelessAM/ AMM Servers affected
    • Patches have been made available.
  • DigiNot affected.
    • “Our products and not affected by this vulnerability.” 
  • Inseego – Not affected.
    • “At Inseego, the security of our products and services is a top priority. Inseego is taking appropriate measures to address the vulnerability reported in the Apache Log4j 2 Java library (also known as Log4Shell). At this time, there have been no successful exploits observed in Inseego products, solutions or in the Inseego environment. We are continually monitoring our products and systems and taking steps to continue to protect our critical applications. Inseego will continue to assess and remediate threats posed by the Log4j vulnerability. Please contact customer support if you have any specific questions or concerns.”
  • NetComm – Not affected. 
    • “We aren’t using any java applications on any of the modems, so they are not affected by this vulnerability.”
  • Switch Always On – Not affected. 
    • “Fortunately, none of our services has the log4j package installed. Some of the external services linked to our system announce it, but those services didn’t cause functional issues.”
  • Remote Power IP Switch – Not affected.
    • “Thankfully, we don’t use Apache Log4j on any of our products.”