December 14th, 2021|Allgemein, Security Advisory, Update|

Severity: Not affected

Researchers have recently uncovered security issues with an open-source logging library called ‘log4j’. The java-based log4j library is a widely deployed logging utility and used in many cloud applications that utilize Apache web servers. If exploited, it could result into Remote Code Execution. This issue is also known as ‘log4shell’ or CVE-2021-44228

All DHD Series 52 hardware, including XC2, XD2, XS2 cores, is not utilizing the log4j library. Java or Apache are also not used on our hardware. Therefore, DHD devices are not vulnerable to log4shell attacks.

Also, DHD PC software, such as Toolbox9, DHDCS, Operation Server and Operation Manager, is not utilizing the vulnerable library.

One of DHD’s top priorities is the safety and reliability of our products. This is why we will continue investigating further threats eventually arising from CVE-2021-44228 and inform you on any news.

References