
Re: RAIDar and Log4j vulnerability?

janpeter1
Luminary

RAIDar and Log4j vulnerability?

Hi

I read in another post that OS6 does not contain software that is vulnerable to Log4j.

But what about RAIDar app?

I run macOS and I find that RAIDar is blocked. It is a month or so since I last used RAIDar and the blockage came before the recent update of macOS to 11.6.2.

When I try to start RAIDar I get information that I need the Java product JRE, see enclosed screen shot.

This means to me that RAIDar does contain Java code but of course all Java code is no open for Log4j what I understand.

So this might be a weak part, right?

Further I wonder how this blockage can have come about and it is only me who works on this computer.

And due to Log4j I dare not install JRE at the moment and would like to have some advice.

Jan Peter

Model: RN31400|ReadyNAS 300 Series 4- Bay (Diskless)
Message 1 of 4
Sandshark
Sensei

Re: RAIDar and Log4j vulnerability?

RAIDar is a Java application.  But it's not really necessary so long as you know the IP address of the NAS -- you can log into the admin interface directly at https://ip.of.the.NAS/admin (where you insert the real IP address).  RAIDar is nice for getting a quick check that the NAS is OK, though.

Message 2 of 4
schumaku
Guru

Re: RAIDar and Log4j vulnerability?


@janpeter1 wrote:

But what about RAIDar app?


No panic please. 

 


@janpeter1 wrote:

I run macOS and I find that RAIDar is blocked. ...

When I try to start RAIDar I get information that I need the Java product JRE, see enclosed screen shot.


The App is not blocked due to whatever known vulnerability out there. Much more, the JRE environment must be installed to run any Java application. The JRE must be maintained and kept up to date. This won't happen automatically AFAIK.



@janpeter1 wrote:

And due to Log4j I dare not install JRE at the moment and would like to have some advice.


The Apache Log4j is a larger and complex Java library environment used in the enterprise application ... for logging. The dead simple RAIDar application does not include the Log4j library environment, thus there is no Log4j related vulnerability.

Based on the same logic, one should not run a computer at all....


Message 3 of 4
StephenB
Guru

Re: RAIDar and Log4j vulnerability?


@janpeter1 wrote:

Hi

I read in another post that OS6 does not contain software that is vulnerable to Log4j.

But what about RAIDar app?



Just want to add this statement from Netgear (emphasis added):

@ChristineT  wrote:

NETGEAR is aware of this vulnerability. Our initial findings confirm this vulnerability does not appear to affect NETGEAR products or services. However, we are continuing to investigate any possible risks. If any products or services are found to be vulnerable we will post an update on our NETGEAR Product Security page.

 


Though as @schumaku says, you generally don't need RAIDar.  It does have some diagnostic capabilities, but if the NAS is working ok you don't need it.  So you could live without it for a while.  Also, as he also says, the vulnerability isn't inherent to Java itself.  It's an application library written in Java - the application library comes from Apache.    

Message 4 of 4
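
Added example (not part of any post in this thread, and not NETGEAR's code): one way to check the replies' point that an application only matters here if it bundles the Apache Log4j library is to list the application's archive and look for the log4j-core `JndiLookup` class, including inside nested jars. The sample archives below are constructed in memory and are not RAIDar's real contents.

```python
import io
import zipfile

# Class shipped in log4j-core 2.x; its presence shows the library is bundled.
MARKER = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")


def find_log4j_core(data, label="<archive>", depth=0, max_depth=5):
    """Return 'outer!/inner' paths where log4j-core's JndiLookup class is found."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable archive, nothing to report
    with zf:
        for name in zf.namelist():
            if name.endswith(MARKER):
                hits.append(f"{label}!/{name}")
            elif name.lower().endswith(ARCHIVE_EXTS) and depth < max_depth:
                # Fat jars carry dependencies as nested archives; recurse into them.
                hits += find_log4j_core(zf.read(name), f"{label}!/{name}",
                                        depth + 1, max_depth)
    return hits


def scan_file(path):
    """Scan one archive on disk."""
    with open(path, "rb") as fh:
        return find_log4j_core(fh.read(), label=path)


def _make_jar(entries):
    """Build a constructed sample archive in memory from {entry name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: an app without Log4j, and one bundling it as a nested jar.
CLEAN_APP = _make_jar({"com/example/Main.class": b"\xca\xfe\xba\xbe"})
BUNDLED_LIB = _make_jar({MARKER: b"\xca\xfe\xba\xbe"})
FAT_APP = _make_jar({"com/example/Main.class": b"\xca\xfe\xba\xbe",
                     "lib/log4j-core.jar": BUNDLED_LIB})

if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, scan_file(p) or "no log4j-core classes found")
```

Run it with the path of an application's .jar file as the argument. A hit only shows that log4j-core is bundled; the bundled version then has to be compared against Apache's advisory.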