This article covers the 'log4j' vulnerability in relation to EloView 3
Recently it was announced that there is a known 'log4j' vulnerability (also know as 'Log4Shell') that cyber-attackers are attempting to exploit.
Log4j is used in many forms of enterprise and open-source software. This includes cloud platforms, web applications and email services.
Our team has reviewed concerns around this and EloView and its devices are not affected.
Regarding the device side, we are not using 'log4j'.
As of the date of this writing, we are using "log4js" version 4.2.0 on the cloud side, which is not impacted by this vulnerability.
Additional information regarding this CVE (CVE-2021-44228) can be found on the National Institute of Standards and Technology (NIST) website here:
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
Please report any broken links by emailing support@elotouch.com and include a link to the knowledge article