Skip to content
Updated June 10, 2022
InVid Tech is closely following the recently disclosed security vulnerability in the open-source Apache "Log4j2" utility (CVE-2021-44228) that has been classified as "Critical" with a CVSS score of 10 and allows for Remote Code Execution with system-level privileges or sensitive information leak.
In addition to monitoring the threat landscape for the attacks and developing customer protections, our security teams launched an investigation and ran an analysis upon receiving the information.
As of today, there have been no indicators of compromise on our products from Log4j2. InVid Tech will continue to monitor the development of this issue, and updates will be listed here if there are any changes.
Countermeasures are available to secure layers of protection and increase situational awareness.
If you have further questions, please feel free to contact us.
Below is a breakdown of our products.
Paramont Series:
All Paramont Series products, including IP cameras, NVRs, DVRs, decoders, and dedicated project devices, will not be affected by CVE-2021-45046 and CVE-2021-44228. These products are all based on the customization and development of C++, and make no reference to the jar package of Apache Log4j2.
The current version v2.1.2.10830 will still have the Apache Log4J files within the CMS files, BUT it isn't used. If there is a security scan, and it is flagged, please go to the below file paths and remove for BOTH the Server AND Client paths, deleting "log4j-core-2.0-rc1.jar"
Please note: In the next version of our Paramont CMS, v2.1.3..., this file path will be removed completely.
Vision Series
All Vision Series products, including IP cameras, NVRs, XVR, VMS, network storage transmission, display, access control products, apps, and software, will not be affected by this vulnerability.
Secure Series
All Secure Series products, including IP Cameras, NVRs, DVRs, XVR products, software, apps, and tools will not be affected by this vulnerability.
Elevate Series
All Elevate Series products, including IP & HD Analog Cameras, NVRs, DVRs, software, apps, and tools will not be affected by this vulnerability.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer eget hendrerit metus. Curabitur a diam ultricies, vulputate quam non, aliquet sem. Nulla nisi enim, mollis ut tempus et, pulvinar eu urna. Mauris commodo turpis elit, sed dictum orci pharetra ac. Vivamus pellentesque risus eu augue gravida vestibulum. Nullam aliquet, magna faucibus tristique cursus, lacus augue venenatis elit, non gravida mi orci in velit. Quisque non hendrerit ex, in faucibus diam.