Question

Starting with firmware 07.01 there is a link in the webinterface pointing to https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@master/en/v6.4.3/build/ol.js
How can I turn off this behaviour? Because I think an unnecessary security risk.

Thank you

Answer 1

Hello,

Thank you for contacting us.
I would like to ask, could you provide more information about this link? In what section this link are added?

And, if you are worried about log4j vulnerability, I would like to inform, that:
Teltonika Networks devices and RMS platform are not vulnerable to CVE-2021-44228 exploit. I.e.
- The vulnerability itself is related with Apache service and Java-based logging utility called log4j.
- Our devices do not use Apache and do not have this library installed. Instead, we use httpd for our device web application service.
- RMS is also not using neither Apache web services (all Nginx), neither Java services/libraries, including log4j.

Best regards,

Sigitas

Comments

Hi,

thank you for your quick reply. Open up your favorite browser (I use Firefox), open the web interface on RUT240 with firmware >= 07.01 (the sub page does not matter, it is on the login page as well). Open the the developer tools (F12 in Firefox). See the link on the bottom of the body element inside the source element.

I am well aware that this has nothing to do with the log4j "hysteria" . I doubt log4j would even run on this router, consuming all of its resources.

BR

---

Hello,

Thank you for a quick reply.
RnD informed that this javascript source code is required for launching GPS map.
GPS map library is not saved in device due to space limitations, it are downloading directly to a browser.
This javascript code is not harmful and secure.

Best regards,

Sigitas