NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
RAIADare and Log4j vulnerability?
Hi
I read in another post that OS6 does not contain software that is vulnerable to Log4j.
But what about RAIDar app?
I run macOS and I find that RAIDar is blocked. It is a month or so since I last ued RAIDar and the blockage come before recent update of macOS to 11.6.2.
When I try start RAIDar I get infomration that i need the Java product JRE see enclosed screen shot.
This means to me that RAIDar do contain Java code but of course all Java code is no open for Log4j what I undertand.
So this might be a weak part, right?
Further I wonder how this blockage can have come about and it is only me who work this computer.
And due to Log4j I dare not install JRE at the moment and would like to have some advice.
Jan Peter
3 Replies
RAIDar is a Java application. But it's not really necessary so long as you know the IP address of the NAS -- you can log into the admin interface directly at https://ip.of.the.NAS/admin (where you insert the real IP address). RAIDar is nice for getting a quick check that the NAS is OK, though.
janpeter1 wrote:
But what about RAIDar app?
No panic please.
janpeter1 wrote:
I run macOS and I find that RAIDar is blocked. ...
When I try start RAIDar I get infomration that i need the Java product JRE see enclosed screen shot.
The App is not blocked due to whatever known vulnerability out there. Much more, the JRE environment must be installed to run any Java appliation. The JRE must be maintained and kept up2date, . This won't happen automatically AFAIK.
janpeter1 wrote:
And due to Log4j I dare not install JRE at the moment and would like to have some advice.
The Apache Log4j is a larger and complex Java library environment used in the enterprise application ... for logging. The dead simple RAIDar application does not include the Log4j library environment, thus there is no Log4j relaed vulnerability.
Based on the same logic, one should not run a computer at all....
janpeter1 wrote:
Hi
I read in another post that OS6 does not contain software that is vulnerable to Log4j.
But what about RAIDar app?
Just want to add this statement from Netgear (emphasis added):
ChristineT wrote:
NETGEAR is aware of this vulnerability. Our initial findings confirm this vulnerability does not appear to affect NETGEAR products or services. However, we are continuing to investigate any possible risks. If any products or services are found to be vulnerable we will post an update on our NETGEAR Product Security page.
Though as schumaku says, you generally don't need RAIDar. It does have some diagnostic capabilities, but if the NAS is working ok you don't need it. So you could live without it for a while. Also, as he also says, the vulnerability isn't inherent to Java itself. It's an application library written in Java - the application library comes from Apache.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
