Log4J exploit

Hello cccherald, that is a great question.

What is the make and model of your AT&T modem? This will allow us to get you the correct line of support.

Let us know.

Thank you for visiting AT&T Community Forums!

Carlton, AT&T Community Specialist 

Model BGW320-505

thanks.

We're here to help regarding keeping your network safe, cccherald!

The exploit you are speaking of is only occurring on website hosts and servers, and the way you connect to them. We suggest you only access trusted websites, or use your own internet security to keep yourself safe.

Let us know if you have any further questions!

Donovan, AT&T Community Specialist

Hello, As far as I understand that might not be accurate. Anything running Apache could be vulnerable. If the router is configured to log data from incoming traffic for example and its web server is a flavor of apache with the logging extension at the root of this vulnerability, it could be exploited from this. I have the same question on a BGW320-505

Hey there @tdunct,  we want to help.

Let’s meet in a Direct Message to discuss your security concern. Please check your Direct Message Inbox (it’s the chat icon next to the bell icon in the upper right corner of the Forums)

CalebP, AT&T Community Specialist 

The AT&T firmware on the BGW210 and BGW320 series of routers does not allow you to enable public management access.  Thus, were the firmware to be found vulnerable to attack via the log4j issues, it could only be attacked from an actor or agent operating inside your network.  

That having been said, I've seen no evidence that these gateways employ Java in any way.

If the BGW320-505 is set up by an AT&T tech, is it configured to update automatically in case there  are security patches provided by AT&T, or does one need to log into the router as administrator to do that?