Are NETGEAR products vulnerable to LOG4J ?

Question

Hello. Can we please get a clear message from Netgear about the LOG4J vulnerability (CVE-2021-44228) please.

The answer should include (where known):

Which products do not use LOG4J
Which products do use LOG4J
Which products are still under investigation

At the moment your company is looking immature in its lack of response on the matter. Please improve if you want to be taken seriously as a provider of hardware for businesses. The majority of other reputable hardware vendors have released security bulletins, and are updating these bulletins on a daily basis as they learn more.

John_Howard · Answer

Hi Plemans.Thanks. I already read this.It is not detailed enough and is just posted by an admin.They need to release a proper statement. For example this is the DELL security bulletin:&nbsp;https://www.dell.com/support/kbdoc/en-sg/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability&nbsp;

plemans · Answer

try reading in this thread
https://community.netgear.com/t5/Smart-Plus-and-Smart-Pro-Managed/Has-Netgear-GS748TS-been-affected-by-Log4J/m-p/2173563

plemans · Answer

A proper statement would be great.
But you're on the community support forum where members of the public help out.
The best you're going to get on the community forum is literally a post from an admin.&nbsp;
there normally isn't even an admin on here.&nbsp;

John_Howard · Answer

Hi Plemans&nbsp;Good point, I had not fully appreciated that.&nbsp;Though I had seen the posts from Christine the Admin, so hopefully they do see my post and respond.&nbsp;Thanks and Merry Christmas&nbsp;

Forum Discussion

Are NETGEAR products vulnerable to LOG4J ?

4 Replies

Related Content

CM600 & CM400 Product Security Vulnerability

KRACK Vulnerabilities

WPA2 - KRACK / Vulnerability

Registration and Un Registering products Help

Registration and Un Registering products Help

NETGEAR Academy

ProSupport for Business