Zero Day exploit that affect app using log4j

[nisryus]

Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package | LunaTrace

Given how ubiquitous log4j is, the impact of this vulnerability is quite severe. Learn how to fix Log4Shell, why it's bad, and what a working exploit requires in this post.

www.lunasec.io

"any system that uses log4j to generate logs could be vulnerable to full remote code execution simply by logging a string the attacker controls. "

So ANY log4j based logging happening on web-based or public-facing systems, they will be exploited.

 

[Fanatical Meat]

I am having trouble finding an answer.
Would internet if things devices like a smart thermostat or ring doorbell be at risk?

 

[Stuka87]

I am having trouble finding an answer.
Would internet if things devices like a smart thermostat or ring doorbell be at risk?

Its possible if they are built on java. But the majority of systems impacted are servers that process end user inputs.

 

[DaaQ]

How about Dish Network receivers, Hopper3 and Joey3s?

I am having an issue where the Joeys drop TV but retain guide, so basically a black screen, since I installed a UDM Pro, had found a link saying end network scanners were the problem, but I have been turning off 1 preset firewall item at a time, trying to narrow it down. I am now at 21 of 32 on the firewall, used balanced preset to start.