December 16, 2021
Dear valued partners:
Uniview is closely following the recently disclosed security vulnerability in the open-source Apache “Log4j2" utility (CVE-2021-44228) that has been classified as “Critical” with a CVSS score of 10 and allows for Remote Code Execution with system-level privileges or sensitive information leak.
In addition to monitoring the threat landscape for the attacks and developing customer protections, our security teams launched an investigation and ran analysis upon receive of the information. Up to now, Uniview has observed no indicators of compromise on our products from Log4j2. We would like to inform the results so far as below:
- Uniview's IPC, NVR, XVR, VMS, network storage, transmission, display and access control products are not affected by this vulnerability.
- EZ Client software (EZStation, EZTools, EZAccess), APPs (EZView, EZlite) and EZCloud are not affected by this vulnerability.
Uniview will keep close monitor on the development of this issue as it develops and update you if there is any changes. Countermeasures are available to secure layers of protection and increase situational awareness.
If you have further questions, please feel free to contact us.